Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-01-15 | CVE-2020-1602 | OS Command Injection vulnerability in Juniper Junos | When a device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved is configured in relay mode, it is vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHCPD process. | 8.8 |
2020-01-14 | CVE-2020-5505 | OS Command Injection vulnerability in Vaaip Freelancy 1.0.0 | Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI. | 9.8 |
2020-01-13 | CVE-2020-6948 | OS Command Injection vulnerability in Hashbrowncms Hashbrown CMS | A remote code execution issue was discovered in HashBrown CMS through 1.3.3. | 9.8 |
2020-01-13 | CVE-2019-18894 | OS Command Injection vulnerability in Avast Premium Security 19.8.2393 | In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. | 7.8 |
2020-01-09 | CVE-2020-6757 | OS Command Injection vulnerability in Rasilient Pixelstor 5000 Firmware 4.0.158020150629 | contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter. | 8.8 |
2020-01-09 | CVE-2020-6756 | OS Command Injection vulnerability in Rasilient Pixelstor 5000 Firmware 4.0.158020150629 | languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. | 9.8 |
2020-01-09 | CVE-2019-20224 | OS Command Injection vulnerability in Artica Pandora FMS 7.0Ng | netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. | 8.8 |
2020-01-09 | CVE-2014-2650 | OS Command Injection vulnerability in Atos products | Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web-based management interface. | 9.8 |
2020-01-08 | CVE-2019-10777 | OS Command Injection vulnerability in Amazon AWS Lambda | In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. | 9.8 |
2020-01-08 | CVE-2019-10778 | OS Command Injection vulnerability in Devcert-Sanscache Project Devcert-Sanscache | devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. | 9.8 |