Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-27 | CVE-2010-1132 | OS Command Injection vulnerability in Georg Greve Spamassassin Milter Plugin 0.3.1 The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message. | 9.3 |
2010-03-10 | CVE-2010-0418 | OS Command Injection vulnerability in Chumby Classic and Chumby ONE The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. | 10.0 |
2010-03-05 | CVE-2010-0934 | OS Command Injection vulnerability in Perforce Server 2008.1 The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. | 7.1 |
2010-02-19 | CVE-2009-4644 | OS Command Injection vulnerability in Accellion Secure File Transfer Appliance Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. | 9.0 |
2009-12-31 | CVE-2009-4498 | OS Command Injection vulnerability in Zabbix The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | 6.8 |
2009-11-29 | CVE-2009-4025 | OS Command Injection vulnerability in Pear 0.11/0.20/0.21 Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. | 10.0 |
2009-09-17 | CVE-2009-3233 | OS Command Injection vulnerability in Cameron Morland Changetrack 4.3 changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack. | 7.2 |
2009-09-02 | CVE-2008-7158 | OS Command Injection vulnerability in Numarasoftware Footprints Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. | 10.0 |
2009-08-31 | CVE-2008-7125 | OS Command Injection vulnerability in Ariadne-Cms Ariadne CMS 2.4 pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. | 9.0 |
2009-07-01 | CVE-2009-2288 | OS Command Injection vulnerability in Nagios statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. | 7.5 |