Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2010-03-27 CVE-2010-1132 OS Command Injection vulnerability in Georg Greve Spamassassin Milter Plugin 0.3.1
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
network
georg-greve CWE-78
critical
9.3
2010-03-10 CVE-2010-0418 OS Command Injection vulnerability in Chumby Classic and Chumby ONE
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
network
low complexity
chumby CWE-78
critical
10.0
2010-03-05 CVE-2010-0934 OS Command Injection vulnerability in Perforce Server 2008.1
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
network
high complexity
perforce CWE-78
7.1
2010-02-19 CVE-2009-4644 OS Command Injection vulnerability in Accellion Secure File Transfer Appliance
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
network
low complexity
accellion CWE-78
critical
9.0
2009-12-31 CVE-2009-4498 OS Command Injection vulnerability in Zabbix
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
network
zabbix CWE-78
6.8
2009-11-29 CVE-2009-4025 OS Command Injection vulnerability in Pear 0.11/0.20/0.21
Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter.
network
low complexity
pear CWE-78
critical
10.0
2009-09-17 CVE-2009-3233 OS Command Injection vulnerability in Cameron Morland Changetrack 4.3
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.
local
low complexity
cameron-morland CWE-78
7.2
2009-09-02 CVE-2008-7158 OS Command Injection vulnerability in Numarasoftware Footprints
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl.
network
low complexity
numarasoftware CWE-78
critical
10.0
2009-08-31 CVE-2008-7125 OS Command Injection vulnerability in Ariadne-Cms Ariadne CMS 2.4
pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command.
network
low complexity
ariadne-cms CWE-78
critical
9.0
2009-07-01 CVE-2009-2288 OS Command Injection vulnerability in Nagios
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
network
low complexity
nagios CWE-78
7.5