Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2021-02-02 | CVE-2021-21289 | OS Command Injection vulnerability in multiple products | Mechanize is an open-source Ruby library that makes automated web interaction easy. | network | high | mechanize-project, fedoraproject, debian; CWE-78 | 8.3 |
| 2021-02-02 | CVE-2021-25310 | OS Command Injection vulnerability in Belkin Linksys Wrt160Nl Firmware 1.0.04.002Us20130619 | The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. | network | low | belkin; CWE-78 | 8.8 |
| 2021-02-02 | CVE-2020-18568 | OS Command Injection vulnerability in Dlink Dsr-1000N Firmware and Dsr-250 Firmware | The D-Link DSR-250 (3.14) and DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. | network | low | dlink; CWE-78 | 9.8 (critical) |
| 2021-02-02 | CVE-2020-25506 | OS Command Injection vulnerability in Dlink Dns-320 Firmware 2.06B01 | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | network | low | dlink; CWE-78 | 9.8 (critical) |
| 2021-02-02 | CVE-2020-25036 | OS Command Injection vulnerability in Ucopia Wireless Appliance 6.0.5 | UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command. | network | low | ucopia; CWE-78 | 8.8 |
| 2021-01-28 | CVE-2020-5626 | OS Command Injection vulnerability in Infoscience ELC Analytics and Logstorage | Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file. | network | low | infoscience; CWE-78 | 8.8 |
| 2021-01-26 | CVE-2021-3317 | OS Command Injection vulnerability in Klogserver Klog Server 2.4.1 | KLog Server through 2.4.1 allows authenticated command injection. | network | low | klogserver; CWE-78 | 8.8 |
| 2021-01-26 | CVE-2013-2512 | OS Command Injection vulnerability in Ftpd Project Ftpd 0.2.1 | The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic. | network | low | ftpd-project; CWE-78 | 9.8 (critical) |
| 2021-01-26 | CVE-2021-3291 | OS Command Injection vulnerability in Zen-Cart ZEN Cart 1.5.7B | Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. | network | low | zen-cart; CWE-78 | 7.2 |
| 2021-01-26 | CVE-2021-3190 | OS Command Injection vulnerability in Async-Git Project Async-Git | The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. | network | low | async-git-project; CWE-78 | 9.8 (critical) |