Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-06-03 | CVE-2020-2200 | OS Command Injection vulnerability in Jenkins Play Framework | Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | 8.8 |
2020-06-01 | CVE-2014-8945 | OS Command Injection vulnerability in Piwigo Lexiglot | admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | 9.8 |
2020-06-01 | CVE-2014-7173 | OS Command Injection vulnerability in Farsite Farlinx X25 Gateway Firmware 20140925 | FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | 9.8 |
2020-06-01 | CVE-2020-13694 | OS Command Injection vulnerability in Quickbox | In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option. | 8.8 |
2020-06-01 | CVE-2020-13448 | OS Command Injection vulnerability in Quickbox | QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. | 8.8 |
2020-05-29 | CVE-2020-8816 | OS Command Injection vulnerability in Pi-Hole | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | 7.2 |
2020-05-28 | CVE-2019-20807 | OS Command Injection vulnerability in multiple products | In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | 5.3 |
2020-05-28 | CVE-2020-11950 | OS Command Injection vulnerability in Vivotek products | VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). | 8.8 |
2020-05-27 | CVE-2020-8605 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. | 8.8 |
2020-05-26 | CVE-2020-12393 | OS Command Injection vulnerability in Mozilla Firefox | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. | 7.8 |