Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-06-17 | CVE-2018-19450 | Command Injection vulnerability in Foxitsoftware Foxit PDF SDK Activex | A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. | local | low complexity | foxitsoftware | CWE-77 | 7.8 |
| 2019-06-17 | CVE-2018-19445 | Command Injection vulnerability in Foxitsoftware Foxit PDF SDK Activex 5.4.0.1031/5.5.0 | A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. | local | low complexity | foxitsoftware | CWE-77 | 7.8 |
| 2019-06-17 | CVE-2017-9384 | Command Injection vulnerability in Getvera Veraedge Firmware and Veralite Firmware | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. | network | low complexity | getvera | CWE-77 | 8.8 |
| 2019-06-17 | CVE-2017-9388 | Command Injection vulnerability in Getvera Veraedge Firmware and Veralite Firmware | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. | network | low complexity | getvera | CWE-77 | 8.8 |
| 2019-06-12 | CVE-2019-7839 | Command Injection vulnerability in Adobe Coldfusion 11.0/2016/2018 | ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. | network | low complexity | adobe | CWE-77 | critical 9.8 |
| 2019-06-11 | CVE-2017-18378 | Command Injection vulnerability in Netgear Readynas Surveillance Firmware | In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution. | network | low complexity | netgear | CWE-77 | critical 9.8 |
| 2019-06-11 | CVE-2017-18377 | Command Injection vulnerability in Goahead Wireless IP Camera Wificam Firmware | An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. | network | low complexity | goahead | CWE-77 | critical 9.8 |
| 2019-06-11 | CVE-2016-10760 | Command Injection vulnerability in Seowonintech products | On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. | network | low complexity | seowonintech | CWE-77 | critical 9.8 |
| 2019-06-11 | CVE-2013-7471 | Command Injection vulnerability in Dlink products | An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. | network | low complexity | dlink | CWE-77 | critical 9.8 |
| 2019-06-11 | CVE-2010-5330 | Command Injection vulnerability in UI Airos | On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. | network | low complexity | ui | CWE-77 | critical 9.8 |