Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-02-19 CVE-2019-25024 OS Command Injection vulnerability in Alleghenycreative Openrepeater
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
network
low complexity
alleghenycreative CWE-78
critical
10.0
2021-02-18 CVE-2021-26747 OS Command Injection vulnerability in Netis-Systems Wf2411 Firmware and Wf2780 Firmware
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
network
low complexity
netis-systems CWE-78
critical
10.0
2021-02-17 CVE-2021-20655 OS Command Injection vulnerability in Soliton Filezen
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
network
low complexity
soliton CWE-78
critical
9.0
2021-02-16 CVE-2021-27104 OS Command Injection vulnerability in Accellion FTA 912370
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints.
network
low complexity
accellion CWE-78
critical
10.0
2021-02-16 CVE-2021-27102 OS Command Injection vulnerability in Accellion FTA 912370/912380/912411
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call.
local
low complexity
accellion CWE-78
7.2
2021-02-16 CVE-2021-20074 OS Command Injection vulnerability in Racom M!Dge Cellular Router Firmware 4.4.40.105
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.
network
low complexity
racom CWE-78
critical
9.0
2021-02-16 CVE-2021-21315 OS Command Injection vulnerability in Systeminformation
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information.
local
low complexity
systeminformation CWE-78
4.6
2021-02-15 CVE-2021-25298 OS Command Injection vulnerability in Nagios XI 5.7.5
Nagios XI version xi-5.7.5 is affected by OS command injection.
network
low complexity
nagios CWE-78
critical
9.0
2021-02-15 CVE-2021-25297 OS Command Injection vulnerability in Nagios XI 5.7.5
Nagios XI version xi-5.7.5 is affected by OS command injection.
network
low complexity
nagios CWE-78
critical
9.0
2021-02-15 CVE-2021-25296 OS Command Injection vulnerability in Nagios XI 5.7.5
Nagios XI version xi-5.7.5 is affected by OS command injection.
network
low complexity
nagios CWE-78
critical
9.0