Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-22 | CVE-2017-6970 | OS Command Injection vulnerability in multiple products: AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | 8.4 |
2017-03-06 | CVE-2017-6334 | OS Command Injection vulnerability in Netgear DGN2200 Series Firmware 10.0.0.50: dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. | 8.8 |
2017-02-22 | CVE-2017-6077 | OS Command Injection vulnerability in Netgear DGN2200 Firmware: ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. | 9.8 |
2017-02-03 | CVE-2017-3806 | OS Command Injection vulnerability in Cisco Firepower Threat Defense: A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. | 5.3 |
2017-02-01 | CVE-2016-6065 | OS Command Injection vulnerability in IBM Security Guardium: IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. | 7.8 |
2017-01-31 | CVE-2016-10043 | OS Command Injection vulnerability in MRF Web Panel 9.0.1: An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. | 10.0 |
2017-01-26 | CVE-2017-3796 | OS Command Injection vulnerability in Cisco WebEx Meetings Server 2.6.0: A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. | 7.2 |
2016-12-11 | CVE-2016-6631 | OS Command Injection vulnerability in phpMyAdmin: An issue was discovered in phpMyAdmin. | 7.5 |
2016-11-30 | CVE-2016-2876 | OS Command Injection vulnerability in IBM QRadar Security Information and Event Manager: IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. | 7.5 |
2016-11-25 | CVE-2016-3028 | OS Command Injection vulnerability in IBM products: IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access. | 9.1 |