Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2012-08-07 CVE-2012-4177 OS Command Injection vulnerability in UBI Uplay PC
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
network
low complexity
ubi CWE-78
critical
10.0
2012-07-23 CVE-2012-2976 OS Command Injection vulnerability in Symantec Web Gateway
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue.
network
low complexity
symantec CWE-78
critical
10.0
2012-07-23 CVE-2012-2953 OS Command Injection vulnerability in Symantec Web Gateway
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
network
low complexity
symantec CWE-78
critical
10.0
2012-07-16 CVE-2012-2607 OS Command Injection vulnerability in Johnson Controls Network Controller and Network Controller Firmware
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
network
low complexity
johnsoncontrols CWE-78
7.5
2012-07-12 CVE-2012-3076 OS Command Injection vulnerability in Cisco TelePresence Recording Server
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.
network
low complexity
cisco CWE-78
critical
9.0
2012-07-12 CVE-2012-3075 OS Command Injection vulnerability in Cisco products
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
network
low complexity
cisco CWE-78
critical
9.0
2012-07-12 CVE-2012-3074 OS Command Injection vulnerability in Cisco products
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.
low complexity
cisco CWE-78
8.3
2012-07-05 CVE-2012-2516 OS Command Injection vulnerability in GE products
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."
network
ge CWE-78
critical
9.3
2012-07-03 CVE-2012-3366 OS Command Injection vulnerability in ANL Bcfg2 1.2.0
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).
network
low complexity
anl CWE-78
critical
9.0
2012-03-20 CVE-2012-1795 OS Command Injection vulnerability in Webglimpse
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012.
network
low complexity
webglimpse CWE-78
7.5