Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-29 | CVE-2019-20215 | **OS Command Injection vulnerability in Dlink Dir-859 Firmware 1.05/1.06B01**: D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. | 9.8 |
2020-01-28 | CVE-2013-1599 | **OS Command Injection vulnerability in Dlink products**: A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface. | 9.8 |
2020-01-28 | CVE-2012-6610 | **OS Command Injection vulnerability in Polycom HDX Video END Points and UC APL**: Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature. | 8.8 |
2020-01-28 | CVE-2013-2060 | **OS Command Injection vulnerability in Redhat Openshift 1.0**: The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | 9.8 |
2020-01-27 | CVE-2013-2612 | **OS Command Injection vulnerability in Huawei E587 Firmware 11.203.27**: Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. | 9.8 |
2020-01-27 | CVE-2014-8563 | **OS Command Injection vulnerability in Synacor Zimbra Collaboration Server**: Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | 9.8 |
2020-01-27 | CVE-2019-19824 | **OS Command Injection vulnerability in Totolink products**: On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. | 8.8 |
2020-01-27 | CVE-2019-17095 | **OS Command Injection vulnerability in Bitdefender BOX 2 Firmware 2.1.47.42/2.1.53.45**: A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. | 9.8 |
2020-01-27 | CVE-2019-17096 | **OS Command Injection vulnerability in Bitdefender BOX 2 Firmware and Central**: An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command. | 9.8 |
2020-01-26 | CVE-2019-12629 | **OS Command Injection vulnerability in Cisco Sd-Wan Firmware**: A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. | 7.2 |