Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-07-27 | CVE-2007-4041 | OS Command Injection vulnerability in multiple products: Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 6.8 |
2006-12-10 | CVE-2006-6427 | OS Command Injection vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000: The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. | 7.5 |
2006-01-20 | CVE-2006-0325 | OS Command Injection vulnerability in Etomite: Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | 7.5 |
2005-07-26 | CVE-2005-2368 | OS Command Injection vulnerability in VIM Development Group VIM: vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. | 9.3 |
2004-12-31 | CVE-2004-2732 | OS Command Injection vulnerability in Netbilling 2.0: nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key. | 4.3 |
2002-12-31 | CVE-2002-1660 | OS Command Injection vulnerability in Jelsoft Vbulletin: calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. | 7.5 |
2001-12-31 | CVE-2001-1583 | OS Command Injection vulnerability in SUN Sunos: lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. | 10.0 |