Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-30 | CVE-2020-1931 | OS Command Injection vulnerability in Apache Spamassassin A command execution issue was found in Apache SpamAssassin prior to 3.4.3. | 8.1 |
| 2020-01-30 | CVE-2020-1930 | OS Command Injection vulnerability in Apache Spamassassin A command execution issue was found in Apache SpamAssassin prior to 3.4.3. | 8.1 |
| 2020-01-30 | CVE-2019-20050 | OS Command Injection vulnerability in Artica Pandora FMS 7.42 Pandora FMS = 7.42 suffers from a remote code execution vulnerability. | 6.8 |
| 2020-01-29 | CVE-2020-8438 | OS Command Injection vulnerability in Arris Ruckus Zoneflex R500 Firmware 104.0.0.0.1347 Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. | 7.2 |
| 2020-01-29 | CVE-2019-10783 | OS Command Injection vulnerability in Isof Project Isof All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. | 9.8 |
| 2020-01-29 | CVE-2013-2573 | OS Command Injection vulnerability in Tp-Link products A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. | 9.8 |
| 2020-01-29 | CVE-2013-2570 | OS Command Injection vulnerability in Zavio F3105 Firmware and F312A Firmware A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code. | 9.8 |
| 2020-01-29 | CVE-2013-2568 | OS Command Injection vulnerability in Zavio F3105 Firmware and F312A Firmware A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code. | 9.8 |
| 2020-01-29 | CVE-2019-20217 | OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. | 9.8 |
| 2020-01-29 | CVE-2019-20216 | OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. | 9.8 |