Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-07-18 | CVE-2013-4781 | OS Command Injection vulnerability in Siemens products: core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |
2013-06-14 | CVE-2013-3576 | OS Command Injection vulnerability in HP System Management Homepage: ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | 9.0 |
2013-04-25 | CVE-2013-1947 | OS Command Injection vulnerability in Kelly D. Redding Kelredd-Pruview 0.3.8: kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb. | 9.3 |
2013-04-25 | CVE-2013-1933 | OS Command Injection vulnerability in Documentcloud Karteek-Docsplit 0.5.4: The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename. | 9.3 |
2013-02-24 | CVE-2013-0804 | OS Command Injection vulnerability in Novell Groupwise: The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors. | 10.0 |
2013-01-21 | CVE-2013-0928 | OS Command Injection vulnerability in EMC Alphastor 4.0: The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | 9.3 |
2012-10-22 | CVE-2012-3001 | OS Command Injection vulnerability in Mutiny Standard: Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability." Per http://www.kb.cert.org/vuls/id/841851: "Impact An authenticated attacker can run arbitrary commands on the appliance." Per http://www.mutiny.com/products.php: "Mutiny is a virtual appliance that uses industry standard SNMP to gather information from IT Infrastructure, process and display the results in a multi-user web front-end that allows administrators and managers alike to quickly assess the health of their estate." | 8.5 |
2012-09-08 | CVE-2012-4011 | OS Command Injection vulnerability in Cybozu Kunai 2.0.5: The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | 9.3 |
2012-08-20 | CVE-2012-4361 | OS Command Injection vulnerability in HP San/Iq: lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. | 7.7 |
2012-08-20 | CVE-2012-2986 | OS Command Injection vulnerability in HP San/Iq 9.5: lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. | 7.7 |