Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-03-22 CVE-2017-6970 OS Command Injection vulnerability in multiple products
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
local
low complexity
alienvault nfsen CWE-78
8.4
2017-03-06 CVE-2017-6334 OS Command Injection vulnerability in Netgear Dgn2200 Series Firmware 10.0.0.50
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
network
low complexity
netgear CWE-78
8.8
2017-02-22 CVE-2017-6077 OS Command Injection vulnerability in Netgear Dgn2200 Firmware
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
network
low complexity
netgear CWE-78
critical
9.8
2017-02-03 CVE-2017-3806 OS Command Injection vulnerability in Cisco Firepower Threat Defense
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device.
local
low complexity
cisco CWE-78
5.3
2017-02-01 CVE-2016-6065 OS Command Injection vulnerability in IBM Security Guardium
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.
local
low complexity
ibm CWE-78
7.8
2017-01-31 CVE-2016-10043 OS Command Injection vulnerability in MRF web Panel 9.0.1
An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1.
network
low complexity
mrf CWE-78
critical
10.0
2017-01-26 CVE-2017-3796 OS Command Injection vulnerability in Cisco Webex Meetings Server 2.6.0
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts.
network
low complexity
cisco CWE-78
7.2
2016-12-11 CVE-2016-6631 OS Command Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-78
7.5
2016-11-30 CVE-2016-2876 OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue.
network
high complexity
ibm CWE-78
7.5
2016-11-25 CVE-2016-3028 OS Command Injection vulnerability in IBM products
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
network
low complexity
ibm CWE-78
critical
9.1