Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2019-6275 | Command Injection vulnerability in Gl-Inet Gl-Ar300M-Lite Firmware 2.27 Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | 8.8 |
| 2019-03-21 | CVE-2019-6272 | Command Injection vulnerability in Gl-Inet Gl-Ar300M-Lite Firmware 2.27 Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | 8.8 |
| 2019-03-21 | CVE-2019-5413 | Command Injection vulnerability in Morgan Project Morgan An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. | 9.8 |
| 2019-03-08 | CVE-2018-20236 | Command Injection vulnerability in Atlassian Sourcetree There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. | 8.8 |
| 2019-03-05 | CVE-2019-3920 | Command Injection vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19 The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/. | 8.8 |
| 2019-03-05 | CVE-2019-3919 | Command Injection vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19 The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/. | 8.8 |
| 2019-02-15 | CVE-2013-2516 | Command Injection vulnerability in Fileutils Project Fileutils Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell. | 8.8 |
| 2019-02-05 | CVE-2016-1000282 | Command Injection vulnerability in Haraka Project Haraka Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. | 9.8 |
| 2019-02-04 | CVE-2019-1000018 | Command Injection vulnerability in multiple products rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. | 7.8 |
| 2019-01-24 | CVE-2019-1646 | Command Injection vulnerability in Cisco products A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. | 7.8 |