Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2009-07-01 CVE-2009-2288 OS Command Injection vulnerability in Nagios
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
network, low complexity, nagios, CWE-78
Risk: 7.5

2009-06-09 CVE-2008-2475 OS Command Injection vulnerability in eBay Enhanced Picture Uploader ActiveX Control
eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.
network, ebay, CWE-78
Risk: critical, 9.3

2009-06-04 CVE-2009-1916 OS Command Injection vulnerability in GScripts DNS Tools
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.
network, low complexity, gscripts, CWE-78
Risk: critical, 10.0

2009-05-29 CVE-2009-1792 OS Command Injection vulnerability in StoneTrip S3DPlayer StandAlone and S3DPlayer Web
The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).
network, stonetrip, CWE-78
Risk: critical, 9.3

2009-04-08 CVE-2008-6669 OS Command Injection vulnerability in Dirk Bartley nweb2fax
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
network, low complexity, dirk-bartley, CWE-78
Risk: 7.5

2009-03-30 CVE-2008-6554 OS Command Injection vulnerability in Aztech ADSL2/2+ 4-Port Router 3.7.0
cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
network, low complexity, aztech, CWE-78
Risk: critical, 10.0

2009-03-11 CVE-2009-0854 OS Command Injection vulnerability in dash 0.5.4
Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.
local, dash, CWE-78
Risk: 6.9

2009-03-11 CVE-2009-0848 OS Command Injection vulnerability in OpenSUSE 11.0/11.1
Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."
Risk: 4.4

2009-02-21 CVE-2008-6235 OS Command Injection vulnerability in Vim 7.0/7.1
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
network, vim, CWE-78
Risk: critical, 9.3

2009-02-21 CVE-2008-3076 OS Command Injection vulnerability in Vim 7.2a.10
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.
network, vim, CWE-78
Risk: critical, 9.3