Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-06 | CVE-2019-15978 | OS Command Injection vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). | 7.2 |
| 2020-01-06 | CVE-2019-5987 | OS Command Injection vulnerability in Anglers-Net CGI An-Anlyzer 20190624 Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page. | 9.0 |
| 2020-01-03 | CVE-2012-5878 | OS Command Injection vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2/0.1.3/0.1.4 Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl. | 10.0 |
| 2020-01-03 | CVE-2012-5693 | OS Command Injection vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2 Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. | 8.3 |
| 2020-01-02 | CVE-2020-5179 | OS Command Injection vulnerability in Comtechtel Stampede Fx-1010 Firmware 7.4.3 Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. | 9.0 |
| 2019-12-31 | CVE-2019-20197 | OS Command Injection vulnerability in Nagios XI 5.6.9 In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | 9.0 |
| 2019-12-31 | CVE-2019-3984 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | 10.0 |
| 2019-12-31 | CVE-2019-9197 | OS Command Injection vulnerability in Unity3D Unity Editor The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. | 6.8 |
| 2019-12-30 | CVE-2019-17621 | OS Command Injection vulnerability in Dlink products The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | 9.8 |
| 2019-12-30 | CVE-2019-10774 | OS Command Injection vulnerability in PHP-Shellcommand Project PHP-Shellcommand php-shellcommand versions before 1.6.1 have a command injection vulnerability. | 10.0 |