Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-06-30 | CVE-2020-14947 | OS Command Injection vulnerability in Factorfx Open Computer Software Inventory Next Generation 2.7 | OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. | network | low complexity | factorfx | CWE-78 | 8.8 |
| 2020-06-30 | CVE-2020-15415 | OS Command Injection vulnerability in Draytek products | On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. | network | low complexity | draytek | CWE-78 | critical 9.8 |
| 2020-06-29 | CVE-2020-15362 | OS Command Injection vulnerability in Thingssdk Wifiscanner 1.0.1 | wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. | network | low complexity | thingssdk | CWE-78 | critical 9.8 |
| 2020-06-29 | CVE-2020-14414 | OS Command Injection vulnerability in Nedi 1.9C | NeDi 1.9C is vulnerable to Remote Command Execution. | network | low complexity | nedi | CWE-78 | 8.8 |
| 2020-06-29 | CVE-2020-14412 | OS Command Injection vulnerability in Nedi 1.9C | NeDi 1.9C is vulnerable to Remote Command Execution. | network | low complexity | nedi | CWE-78 | 8.8 |
| 2020-06-29 | CVE-2020-14072 | OS Command Injection vulnerability in Mk-Auth 19.01 | An issue was discovered in MK-AUTH 19.01. | network | low complexity | mk-auth | CWE-78 | critical 9.8 |
| 2020-06-25 | CVE-2019-16213 | OS Command Injection vulnerability in Tendacn PA6 Firmware 1.0.1.21 | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. | network | low complexity | tendacn | CWE-78 | 8.8 |
| 2020-06-22 | CVE-2020-13159 | OS Command Injection vulnerability in Articatech Artica Proxy 4.28.030.418/4.28.030418 | Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. | network | low complexity | articatech | CWE-78 | critical 9.8 |
| 2020-06-21 | CVE-2020-14950 | OS Command Injection vulnerability in Aapanel | aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Software Store. | network | low complexity | aapanel | CWE-78 | 8.8 |
| 2020-06-18 | CVE-2020-3336 | OS Command Injection vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint | A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. | network | low complexity | cisco | CWE-78 | 7.2 |