Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-25 | CVE-2021-28958 | OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus: Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. | 9.8 |
2021-06-25 | CVE-2021-35047 | OS Command Injection vulnerability in Fidelissecurity Deception and Network: Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. | 8.8 |
2021-06-25 | CVE-2021-35049 | OS Command Injection vulnerability in Fidelissecurity Deception and Network: Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. | 8.8 |
2021-06-23 | CVE-2021-21809 | OS Command Injection vulnerability in Moodle 3.10.0: A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. | 9.1 |
2021-06-21 | CVE-2021-31769 | OS Command Injection vulnerability in Myq-Solution MYQ Server: MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. | 8.8 |
2021-06-16 | CVE-2020-25755 | OS Command Injection vulnerability in Enphase Envoy Firmware D4.0/R3.0: An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. | 8.8 |
2021-06-12 | CVE-2021-32556 | OS Command Injection vulnerability in Canonical Apport: It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | 3.3 |
2021-06-09 | CVE-2021-33357 | OS Command Injection vulnerability in Raspap: A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands. | 9.8 |
2021-06-09 | CVE-2021-33358 | OS Command Injection vulnerability in Raspap: Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. | 8.8 |
2021-06-09 | CVE-2021-33841 | OS Command Injection vulnerability in Circutor Sge-Plc1000 Firmware 0.9.2B: SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. | 9.8 |