Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE | CVE | VULNERABILITY TITLE | RISK
2010-06-15 | CVE-2010-1885 | OS Command Injection vulnerability in Microsoft products | critical 9.3
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." Per: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx "customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack."
network | microsoft | CWE-78

2010-04-15 | CVE-2010-1423 | OS Command Injection vulnerability in Oracle JDK and JRE | critical 9.3
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method.
network | oracle | CWE-78

2010-03-27 | CVE-2010-1132 | OS Command Injection vulnerability in Georg Greve Spamassassin Milter Plugin 0.3.1 | critical 9.3
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
network | georg-greve | CWE-78

2010-03-10 | CVE-2010-0418 | OS Command Injection vulnerability in Chumby Classic and Chumby ONE | critical 10.0
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
network | low complexity | chumby | CWE-78

2010-03-05 | CVE-2010-0934 | OS Command Injection vulnerability in Perforce Server 2008.1 | 7.1
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
network | high complexity | perforce | CWE-78

2010-02-19 | CVE-2009-4644 | OS Command Injection vulnerability in Accellion Secure File Transfer Appliance | critical 9.0
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
network | low complexity | accellion | CWE-78

2009-12-31 | CVE-2009-4498 | OS Command Injection vulnerability in Zabbix | 6.8
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
network | zabbix | CWE-78

2009-11-29 | CVE-2009-4025 | OS Command Injection vulnerability in Pear 0.11/0.20/0.21 | critical 10.0
Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter.
network | low complexity | pear | CWE-78

2009-09-17 | CVE-2009-3233 | OS Command Injection vulnerability in Cameron Morland Changetrack 4.3 | 7.2
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.
local | low complexity | cameron-morland | CWE-78

2009-09-02 | CVE-2008-7158 | OS Command Injection vulnerability in Numarasoftware Footprints | critical 10.0
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl.
network | low complexity | numarasoftware | CWE-78