Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2016-10-10 | CVE-2016-1000216 | OS Command Injection vulnerability in Ruckus Wireless H500 | Ruckus Wireless H500 web management interface authenticated command injection | ruckus, CWE-78 | network, low complexity, 8.8 |
| 2016-09-22 | CVE-2016-6414 | OS Command Injection vulnerability in Cisco IOS 15.6(1)T1 | iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | cisco, CWE-78 | local, low complexity, 7.8 |
| 2016-09-22 | CVE-2016-6373 | OS Command Injection vulnerability in Cisco Cloud Services Platform 2100 2.0.0Base | The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | cisco, CWE-78 | network, low complexity, 7.2 |
| 2016-09-21 | CVE-2016-4965 | OS Command Injection vulnerability in Fortinet Fortiwan | Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. | fortinet, CWE-78 | network, low complexity, 8.8 |
| 2016-09-17 | CVE-2016-1482 | OS Command Injection vulnerability in Cisco Webex Meetings Server 2.6.0 | Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130. | cisco, CWE-78 | network, high complexity, 8.1 |
| 2016-09-02 | CVE-2016-4853 | OS Command Injection vulnerability in Akabei Soft2 Happy Wardrobe | AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe. | akabei-soft2, CWE-78 | local, low complexity, 7.8 |
| 2016-08-31 | CVE-2016-5679 | OS Command Injection vulnerability in multiple products | cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command. | nuuo, netgear, CWE-78 | network, low complexity, 8.8 |
| 2016-08-08 | CVE-2016-1468 | OS Command Injection vulnerability in Cisco Telepresence Video Communication Server X8.5.2 | The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | cisco, CWE-78 | network, low complexity, 8.8 |
| 2016-08-08 | CVE-2015-6396 | OS Command Injection vulnerability in Cisco products | The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. | cisco, CWE-78 | local, low complexity, 7.8 |
| 2016-08-05 | CVE-2016-6147 | OS Command Injection vulnerability in SAP Trex 7.10 | An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | sap, CWE-78 | network, low complexity, critical, 9.8 |