Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-14 | CVE-2020-8858 | OS Command Injection vulnerability in Moxa products: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. | 8.8 |
2020-02-13 | CVE-2020-8963 | OS Command Injection vulnerability in Timetoolsltd products: TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter. | 9.8 |
2020-02-12 | CVE-2020-8949 | OS Command Injection vulnerability in Gocloud products: Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring. | 8.8 |
2020-02-12 | CVE-2020-8947 | OS Command Injection vulnerability in Artica Pandora FMS 7.0: functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. | 7.2 |
2020-02-12 | CVE-2020-8946 | OS Command Injection vulnerability in Netis-Systems Wf2471 Firmware 1.2.30142: Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. | 8.8 |
2020-02-11 | CVE-2020-8429 | OS Command Injection vulnerability in Kinetica 7.0.9.2.20191118151947: The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. | 8.8 |
2020-02-11 | CVE-2013-0517 | OS Command Injection vulnerability in IBM Sterling External Authentication Server: A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. | 7.8 |
2020-02-11 | CVE-2019-14514 | OS Command Injection vulnerability in Microvirt Memu: An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. | 9.8 |
2020-02-11 | CVE-2013-4267 | OS Command Injection vulnerability in Pydio Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php). | 9.8 |
2020-02-07 | CVE-2019-19356 | OS Command Injection vulnerability in Netis-Systems Wf2419 Firmware 1.2.31805/2.2.36123: Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. | 7.5 |