Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-25 | CVE-2020-10789 | OS Command Injection vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php. | 9.8 |
| 2020-03-25 | CVE-2020-5561 | OS Command Injection vulnerability in Keijiban Tsumiki Project Keijiban Tsumiki 1.15 Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2020-03-25 | CVE-2020-5560 | OS Command Injection vulnerability in Wl-Enq Project Wl-Enq 1.11/1.12 WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors. | 9.8 |
| 2020-03-25 | CVE-2020-5556 | OS Command Injection vulnerability in Shihonkanri Plus Goout Project Shihonkanri Plus Goout 1.5.8/2.2.10 Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2020-03-23 | CVE-2020-10879 | OS Command Injection vulnerability in Rconfig rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | 9.8 |
| 2020-03-23 | CVE-2019-19034 | OS Command Injection vulnerability in Zohocorp Manageengine Assetexplorer 6.5 Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. | 7.2 |
| 2020-03-23 | CVE-2016-11022 | OS Command Injection vulnerability in Netgear products NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. | 7.2 |
| 2020-03-22 | CVE-2020-10818 | OS Command Injection vulnerability in Articatech Artica Proxy 4.26 Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. | 7.2 |
| 2020-03-22 | CVE-2020-10808 | OS Command Injection vulnerability in Vestacp Vesta Control Panel Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. | 8.8 |
| 2020-03-21 | CVE-2019-12767 | OS Command Injection vulnerability in Dlink Dap-1650 Firmware An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. | 9.8 |