Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-6065 OS Command Injection vulnerability in IBM Security Guardium
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.
local
low complexity
ibm CWE-78
7.8
2017-01-31 CVE-2016-10043 OS Command Injection vulnerability in MRF web Panel 9.0.1
An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1.
network
low complexity
mrf CWE-78
critical
10.0
2017-01-26 CVE-2017-3796 OS Command Injection vulnerability in Cisco Webex Meetings Server 2.6.0
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts.
network
low complexity
cisco CWE-78
7.2
2016-12-11 CVE-2016-6631 OS Command Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-78
7.5
2016-11-30 CVE-2016-2876 OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue.
network
high complexity
ibm CWE-78
7.5
2016-11-25 CVE-2016-3028 OS Command Injection vulnerability in IBM products
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
network
low complexity
ibm CWE-78
critical
9.1
2016-11-24 CVE-2016-0325 OS Command Injection vulnerability in IBM Rational Team Concert
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request.
network
low complexity
ibm CWE-78
6.3
2016-11-19 CVE-2016-6459 OS Command Injection vulnerability in Cisco Telepresence TC Software
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection.
local
low complexity
cisco CWE-78
5.5
2016-10-10 CVE-2016-1000216 OS Command Injection vulnerability in Ruckus Wireless H500
Ruckus Wireless H500 web management interface authenticated command injection
network
low complexity
ruckus CWE-78
8.8
2016-09-22 CVE-2016-6414 OS Command Injection vulnerability in Cisco IOS 15.6(1)T1
iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.
local
low complexity
cisco CWE-78
7.8