Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-01 | CVE-2020-7351 | OS Command Injection vulnerability in Netfortris Trixbox 1.2.0/2.8.0.4 An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. | 8.8 |
| 2020-04-30 | CVE-2020-11016 | OS Command Injection vulnerability in Intelmq Manager Project Intelmq Manager 1.1.0/2.0.0/2.1.0 IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. | 8.8 |
| 2020-04-30 | CVE-2019-19220 | OS Command Injection vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000 BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2). | 8.8 |
| 2020-04-30 | CVE-2019-19217 | OS Command Injection vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000 BMC Control-M/Agent 7.0.00.000 allows OS Command Injection. | 8.8 |
| 2020-04-29 | CVE-2019-5623 | OS Command Injection vulnerability in Accellion File Transfer Appliance 80540 Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). | 9.8 |
| 2020-04-29 | CVE-2016-11061 | OS Command Injection vulnerability in Xerox products Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. | 9.8 |
| 2020-04-29 | CVE-2020-7804 | OS Command Injection vulnerability in Handysoft Groupware 1.7.3.1 ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. | 7.2 |
| 2020-04-29 | CVE-2020-12246 | OS Command Injection vulnerability in Beeline Smart BOX Firmware 2.0.38 Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter. | 8.8 |
| 2020-04-28 | CVE-2018-21225 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
| 2020-04-28 | CVE-2017-18858 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command execution. | 9.8 |