Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-30 | CVE-2019-19217 | OS Command Injection vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000 BMC Control-M/Agent 7.0.00.000 allows OS Command Injection. | 8.8 |
| 2020-04-29 | CVE-2019-5623 | OS Command Injection vulnerability in Accellion File Transfer Appliance 80540 Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). | 9.8 |
| 2020-04-29 | CVE-2016-11061 | OS Command Injection vulnerability in Xerox products Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. | 9.8 |
| 2020-04-29 | CVE-2020-7804 | OS Command Injection vulnerability in Handysoft Groupware 1.7.3.1 ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. | 7.2 |
| 2020-04-29 | CVE-2020-12246 | OS Command Injection vulnerability in Beeline Smart BOX Firmware 2.0.38 Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter. | 8.8 |
| 2020-04-28 | CVE-2018-21225 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
| 2020-04-28 | CVE-2017-18858 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command execution. | 9.8 |
| 2020-04-28 | CVE-2016-11054 | OS Command Injection vulnerability in Netgear Dgn2200 Firmware NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory. | 7.2 |
| 2020-04-28 | CVE-2020-12078 | OS Command Injection vulnerability in Opmantek Open-Audit 3.3.1 An issue was discovered in Open-AudIT 3.3.1. | 8.8 |
| 2020-04-27 | CVE-2020-7640 | OS Command Injection vulnerability in Pixlcore Pixl-Class 1.0.0/1.0.1/1.0.2 pixl-class prior to 1.0.3 allows execution of arbitrary commands. | 9.8 |