Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-24 | CVE-2021-39509 | Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210 An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. | 9.8 |
| 2021-08-24 | CVE-2021-39510 | Command Injection vulnerability in Dlink Dir-816 Firmware 101Cnb04 An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. | 9.8 |
| 2021-08-24 | CVE-2021-38556 | Command Injection vulnerability in Raspap 2.6.6 includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. | 8.8 |
| 2021-08-24 | CVE-2021-38611 | Command Injection vulnerability in Nascent Remkon Device Manager 4.0.0.0 A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php. | 9.8 |
| 2021-08-20 | CVE-2020-18885 | Command Injection vulnerability in PHPmywind 5.6 Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. | 7.2 |
| 2021-08-17 | CVE-2020-15955 | Command Injection vulnerability in Fehcom S/Qmail In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. | 5.9 |
| 2021-08-17 | CVE-2020-29548 | Command Injection vulnerability in Smartertools Smartermail An issue was discovered in SmarterTools SmarterMail through 100.0.7537. | 8.1 |
| 2021-08-17 | CVE-2021-32830 | Command Injection vulnerability in Haikuforteams Diez The @diez/generation npm package is a client for Diez. | 7.0 |
| 2021-08-17 | CVE-2021-3617 | Command Injection vulnerability in Lenovo products A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. | 7.2 |
| 2021-08-16 | CVE-2021-21595 | Command Injection vulnerability in Dell EMC Powerscale Onefs Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. | 6.7 |