Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-16 | CVE-2023-25280 | OS Command Injection vulnerability in Dlink Dir820La1 Firmware 105B03 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. | 9.8 |
| 2023-03-14 | CVE-2023-28343 | OS Command Injection vulnerability in Apsystems Energy Communication Unit Firmware C1.2.5 OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php. | 9.8 |
| 2023-03-14 | CVE-2023-25617 | OS Command Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430 SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. | 8.8 |
| 2023-03-13 | CVE-2023-25279 | OS Command Injection vulnerability in Dlink Dir-820L Firmware 105B03 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |
| 2023-03-13 | CVE-2023-24762 | OS Command Injection vulnerability in Dlink Dir-867 Firmware 1.30B07 OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. | 9.8 |
| 2023-03-11 | CVE-2023-1350 | OS Command Injection vulnerability in Liferea Project Liferea A vulnerability was found in liferea. | 9.8 |
| 2023-03-09 | CVE-2023-27985 | OS Command Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. | 7.8 |
| 2023-03-08 | CVE-2023-1277 | OS Command Injection vulnerability in Ubuntukylin Kylin-System-Updater A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. | 7.8 |
| 2023-03-08 | CVE-2023-25395 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection vulnerability. | 9.8 |
| 2023-03-07 | CVE-2022-39951 | OS Command Injection vulnerability in Fortinet Fortiweb A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |