Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-13 | CVE-2020-27227 | OS Command Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3 An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. | 9.8 |
| 2021-04-13 | CVE-2021-29003 | OS Command Injection vulnerability in Genexis Platinum 4410 Firmware P4410V21.28 Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI. | 9.8 |
| 2021-04-12 | CVE-2021-29379 | OS Command Injection vulnerability in Dlink Dir-802 Firmware 1.00B05 An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. | 8.8 |
| 2021-04-09 | CVE-2021-21433 | OS Command Injection vulnerability in Demon1A Discord-Recon 0.0.1 Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. | 8.8 |
| 2021-04-09 | CVE-2020-21883 | OS Command Injection vulnerability in Indionetworks products Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover. | 8.8 |
| 2021-04-08 | CVE-2021-1473 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. | 9.8 |
| 2021-04-07 | CVE-2021-28927 | OS Command Injection vulnerability in Libretro Retroarch 1.9.0/1.9.1 The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names. | 7.8 |
| 2021-04-06 | CVE-2021-28204 | OS Command Injection vulnerability in Asus products The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. | 7.2 |
| 2021-04-06 | CVE-2021-28203 | OS Command Injection vulnerability in Asus products The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. | 7.2 |
| 2021-04-02 | CVE-2020-27600 | OS Command Injection vulnerability in Dlink Dir-846 Firmware A1100.26 HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. | 9.8 |