Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-03-30 CVE-2019-19606 OS Command Injection vulnerability in X-Plane
X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets.
network, low complexity, x-plane, CWE-78, critical, 9.8

2020-03-25 CVE-2020-10886 OS Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers.
network, low complexity, tp-link, CWE-78, critical, 9.8

2020-03-25 CVE-2020-10882 OS Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers.
low complexity, tp-link, CWE-78, 8.8

2020-03-25 CVE-2020-5282 OS Command Injection vulnerability in Nick Chan BOT Project Nick Chan BOT 1.0.0
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package.
network, low complexity, nick-chan-bot-project, CWE-78, critical, 9.8

2020-03-25 CVE-2020-10789 OS Command Injection vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
network, low complexity, it-novum, CWE-78, critical, 9.8

2020-03-25 CVE-2020-5561 OS Command Injection vulnerability in Keijiban Tsumiki Project Keijiban Tsumiki 1.15
Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
network, low complexity, keijiban-tsumiki-project, CWE-78, critical, 9.8

2020-03-25 CVE-2020-5560 OS Command Injection vulnerability in Wl-Enq Project Wl-Enq 1.11/1.12
WL-Enq 1.11 and 1.12 allow remote attackers to execute arbitrary OS commands with administrative privileges via unspecified vectors.
network, low complexity, wl-enq-project, CWE-78, critical, 9.8

2020-03-25 CVE-2020-5556 OS Command Injection vulnerability in Shihonkanri Plus Goout Project Shihonkanri Plus Goout 1.5.8/2.2.10
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allow remote attackers to execute arbitrary OS commands via unspecified vectors.
network, low complexity, shihonkanri-plus-goout-project, CWE-78, critical, 9.8

2020-03-23 CVE-2020-10879 OS Command Injection vulnerability in Rconfig
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
network, low complexity, rconfig, CWE-78, critical, 9.8

2020-03-23 CVE-2019-19034 OS Command Injection vulnerability in Zohocorp Manageengine Assetexplorer 6.5
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM.
network, low complexity, zohocorp, CWE-78, 7.2