Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-02-25 | CVE-2011-0373 | OS Command Injection vulnerability in Cisco products. The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. | 9.0 |
2011-02-25 | CVE-2011-0372 | OS Command Injection vulnerability in Cisco products. The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640. | 10.0 |
2011-01-13 | CVE-2011-0271 | OS Command Injection vulnerability in HP Openview Network Node Manager 7.51/7.53. The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." | 10.0 |
2010-12-02 | CVE-2010-4278 | OS Command Injection vulnerability in Artica Pandora FMS. operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. | 9.0 |
2010-11-09 | CVE-2010-3039 | OS Command Injection vulnerability in Cisco Unified Communications Manager. /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. | 6.8 |
2010-10-05 | CVE-2010-3757 | OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback. Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a \| (pipe) character in a string. | 10.0 |
2010-10-05 | CVE-2010-3754 | OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback. The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. | 10.0 |
2010-10-05 | CVE-2010-3753 | OS Command Injection vulnerability in Xelerance Openswan 2.6.26/2.6.27/2.6.28. programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308. | 6.5 |
2010-10-05 | CVE-2010-3752 | OS Command Injection vulnerability in Xelerance Openswan. programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302. | 6.5 |
2010-07-08 | CVE-2010-2445 | OS Command Injection vulnerability in Freeciv 2.2.0/2.3.0. freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions. | 10.0 |