Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-23 | CVE-2016-11022 | OS Command Injection vulnerability in Netgear products NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. | 7.2 |
| 2020-03-22 | CVE-2020-10818 | OS Command Injection vulnerability in Articatech Artica Proxy 4.26 Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. | 7.2 |
| 2020-03-22 | CVE-2020-10808 | OS Command Injection vulnerability in Vestacp Vesta Control Panel Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. | 8.8 |
| 2020-03-21 | CVE-2019-12767 | OS Command Injection vulnerability in Dlink Dap-1650 Firmware An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. | 9.8 |
| 2020-03-20 | CVE-2019-19148 | OS Command Injection vulnerability in Tellabs Optical Line Terminal 1150 Firmware Ont709.2.50.12 Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. | 9.8 |
| 2020-03-20 | CVE-2019-19487 | OS Command Injection vulnerability in Centreon Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | 8.8 |
| 2020-03-20 | CVE-2018-20334 | OS Command Injection vulnerability in Asus Asuswrt 3.0.0.4.384.20308 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. | 9.8 |
| 2020-03-20 | CVE-2019-16072 | OS Command Injection vulnerability in Netsas Enigma Network Management Solution An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. | 9.8 |
| 2020-03-19 | CVE-2020-3266 | OS Command Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2020-03-18 | CVE-2020-10674 | OS Command Injection vulnerability in Perlspeak Project Perlspeak PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open. | 9.8 |