Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-20 | CVE-2020-17456 | OS Command Injection vulnerability in Seowonintech products SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. | 9.8 |
| 2020-08-18 | CVE-2020-24032 | OS Command Injection vulnerability in Xorux Lpar2Rrd and Stor2Rrd tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone. | 9.8 |
| 2020-08-18 | CVE-2020-23934 | OS Command Injection vulnerability in Ritecms 2.2.1 An issue was discovered in RiteCMS 2.2.1. | 8.8 |
| 2020-08-17 | CVE-2020-24220 | OS Command Injection vulnerability in Shopxo 1.8.1 ShopXO v1.8.1 has a command execution vulnerability. | 8.8 |
| 2020-08-17 | CVE-2020-8233 | OS Command Injection vulnerability in multiple products A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. | 8.8 |
| 2020-08-17 | CVE-2020-13122 | OS Command Injection vulnerability in Noviflow Noviware Nw500.2.12 The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. | 8.8 |
| 2020-08-14 | CVE-2020-16205 | OS Command Injection vulnerability in Geutebrueck products Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). | 7.2 |
| 2020-08-13 | CVE-2020-11733 | OS Command Injection vulnerability in Spirent Avalanche and Testcenter An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. | 6.7 |
| 2020-08-12 | CVE-2020-12107 | OS Command Injection vulnerability in Stengg Vpncrypt M10 Firmware 2.6.5 The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module's Operating System. | 9.8 |
| 2020-08-12 | CVE-2020-17505 | OS Command Injection vulnerability in Articatech web Proxy 4.30.000000 Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. | 8.8 |