Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2020-02-12 | CVE-2020-8946 | OS Command Injection vulnerability in Netis-Systems Wf2471 Firmware 1.2.30142 | 8.8
Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter.
network | low complexity | netis-systems | CWE-78

2020-02-11 | CVE-2020-8429 | OS Command Injection vulnerability in Kinetica 7.0.9.2.20191118151947 | 8.8
The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs.
network | low complexity | kinetica | CWE-78

2020-02-11 | CVE-2013-0517 | OS Command Injection vulnerability in IBM Sterling External Authentication Server | 7.8
A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code.
local | low complexity | ibm | CWE-78

2020-02-11 | CVE-2019-14514 | OS Command Injection vulnerability in Microvirt Memu | critical 9.8
An issue was discovered in Microvirt MEmu all versions prior to 7.0.2.
network | low complexity | microvirt | CWE-78

2020-02-11 | CVE-2013-4267 | OS Command Injection vulnerability in Pydio | critical 9.8
AjaXplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php).
network | low complexity | pydio | CWE-78

2020-02-07 | CVE-2019-19356 | OS Command Injection vulnerability in Netis-Systems Wf2419 Firmware 1.2.31805/2.2.36123 | 7.5
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page.
network | high complexity | netis-systems | CWE-78

2020-02-07 | CVE-2020-8126 | OS Command Injection vulnerability in UI Edgeswitch | 7.8
A privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize the user input, resulting in local command execution, allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15).
local | low complexity | ui | CWE-78

2020-02-07 | CVE-2020-8654 | OS Command Injection vulnerability in Eyesofnetwork 5.30 | 8.8
An issue was discovered in EyesOfNetwork 5.3.
network | low complexity | eyesofnetwork | CWE-78

2020-02-06 | CVE-2020-6760 | OS Command Injection vulnerability in Schmid-Telecom ZI 620 V400 Firmware 090 | critical 9.8
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.
network | low complexity | schmid-telecom | CWE-78

2020-02-06 | CVE-2019-10789 | OS Command Injection vulnerability in Curling Project Curling | critical 9.8
All versions of curling.js are vulnerable to Command Injection via the run function.
network | low complexity | curling-project | CWE-78