Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-01-07 CVE-2019-17148 OS Command Injection vulnerability in Parallels Desktop 14.1.3
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop version 14.1.3 (45485).
local
low complexity
parallels CWE-78
7.8
2020-01-07 CVE-2019-10776 OS Command Injection vulnerability in Git-Diff-Apply Project Git-Diff-Apply
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl.
network
low complexity
git-diff-apply-project CWE-78
critical
9.8
2020-01-06 CVE-2019-20348 OS Command Injection vulnerability in Okerthai G232V1 Firmware 1.03.02.20161129
OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control.
low complexity
okerthai CWE-78
6.8
2020-01-06 CVE-2019-19509 OS Command Injection vulnerability in Rconfig 3.9.3
An issue was discovered in rConfig 3.9.3.
network
low complexity
rconfig CWE-78
8.8
2020-01-06 CVE-2016-11017 OS Command Injection vulnerability in Akips Network Monitor
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field).
network
low complexity
akips CWE-78
critical
9.8
2020-01-06 CVE-2019-15979 OS Command Injection vulnerability in Cisco Data Center Network Manager
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS).
network
low complexity
cisco CWE-78
7.2
2020-01-06 CVE-2019-15978 OS Command Injection vulnerability in Cisco Data Center Network Manager
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS).
network
low complexity
cisco CWE-78
7.2
2020-01-06 CVE-2019-5987 OS Command Injection vulnerability in Anglers-Net CGI An-Analyzer 20190624
Access analysis CGI An-Analyzer released on June 24, 2019 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page.
network
low complexity
anglers-net CWE-78
8.8
2020-01-03 CVE-2012-5878 OS Command Injection vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2/0.1.3/0.1.4
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.
network
low complexity
bulbsecurity CWE-78
critical
9.8
2020-01-03 CVE-2012-5693 OS Command Injection vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl.
low complexity
bulbsecurity CWE-78
8.8