Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-06-01 CVE-2020-13694 OS Command Injection vulnerability in Quickbox
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.
network
low complexity
quickbox CWE-78
8.8
2020-06-01 CVE-2020-13448 OS Command Injection vulnerability in Quickbox
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
network
low complexity
quickbox CWE-78
8.8
2020-05-29 CVE-2020-8816 OS Command Injection vulnerability in Pi-Hole
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
network
low complexity
pi-hole CWE-78
7.2
2020-05-28 CVE-2019-20807 OS Command Injection vulnerability in multiple products
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
5.3
2020-05-28 CVE-2020-11950 OS Command Injection vulnerability in Vivotek products
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands).
network
low complexity
vivotek CWE-78
8.8
2020-05-27 CVE-2020-8605 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations.
network
low complexity
trendmicro CWE-78
8.8
2020-05-26 CVE-2020-12393 OS Command Injection vulnerability in Mozilla Firefox
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
local
low complexity
mozilla CWE-78
7.8
2020-05-26 CVE-2020-8171 OS Command Injection vulnerability in UI Airos
We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: There are certain end-points containing functionalities that are vulnerable to command injection.
network
low complexity
ui CWE-78
critical
9.8
2020-05-22 CVE-2020-13388 OS Command Injection vulnerability in Python Jw.Util
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python.
network
low complexity
python CWE-78
critical
9.8
2020-05-22 CVE-2020-1956 OS Command Injection vulnerability in Apache Kylin
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, has some RESTful APIs which concatenate OS commands with the user input string, so a user is likely to be able to execute any OS command without any protection or validation.
network
low complexity
apache CWE-78
8.8