Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-22 | CVE-2021-3149 | OS Command Injection vulnerability in Netshieldcorp Nano 25 Firmware 10.2.18 On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. | 7.2 |
| 2021-02-19 | CVE-2020-36246 | OS Command Injection vulnerability in Amaze File Manager Project Amaze File Manager Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | 7.8 |
| 2021-02-19 | CVE-2019-25024 | OS Command Injection vulnerability in Alleghenycreative Openrepeater OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. | 9.8 |
| 2021-02-18 | CVE-2021-26747 | OS Command Injection vulnerability in Netis-Systems Wf2411 Firmware and Wf2780 Firmware Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | 9.8 |
| 2021-02-18 | CVE-2020-28490 | OS Command Injection vulnerability in Async-Git Project Async-Git The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). | 9.8 |
| 2021-02-18 | CVE-2020-29664 | OS Command Injection vulnerability in DJI Mavic 2 Firmware A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | 7.8 |
| 2021-02-17 | CVE-2021-20655 | OS Command Injection vulnerability in Soliton Filezen FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 7.2 |
| 2021-02-16 | CVE-2021-27104 | OS Command Injection vulnerability in Accellion FTA 912220/912370 Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. | 9.8 |
| 2021-02-16 | CVE-2021-27102 | OS Command Injection vulnerability in Accellion FTA Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. | 7.8 |
| 2021-02-16 | CVE-2021-20074 | OS Command Injection vulnerability in Racom M!Dge Firmware 4.4.40.105 Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. | 8.8 |