Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2013-2612 OS Command Injection vulnerability in Huawei E587 Firmware 11.203.27
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.
network
low complexity
huawei CWE-78
critical
9.8
2020-01-27 CVE-2014-8563 OS Command Injection vulnerability in Synacor Zimbra Collaboration Server
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.
network
low complexity
synacor CWE-78
critical
9.8
2020-01-27 CVE-2019-19824 OS Command Injection vulnerability in Totolink products
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available.
network
low complexity
totolink CWE-78
8.8
2020-01-27 CVE-2019-17095 OS Command Injection vulnerability in Bitdefender BOX 2 Firmware 2.1.47.42/2.1.53.45
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45.
network
low complexity
bitdefender CWE-78
critical
9.8
2020-01-27 CVE-2019-17096 OS Command Injection vulnerability in Bitdefender BOX 2 Firmware and Central
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
network
low complexity
bitdefender CWE-78
critical
9.8
2020-01-26 CVE-2019-12629 OS Command Injection vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.
network
low complexity
cisco CWE-78
7.2
2020-01-25 CVE-2020-7980 OS Command Injection vulnerability in Intelliantech Aptus web 1.24
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI.
network
low complexity
intelliantech CWE-78
critical
9.8
2020-01-25 CVE-2020-7596 OS Command Injection vulnerability in Codecov Nodejs Uploader
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
network
low complexity
codecov CWE-78
8.8
2020-01-24 CVE-2013-1598 OS Command Injection vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary code.
network
low complexity
vivotek CWE-78
8.8
2020-01-23 CVE-2019-19897 OS Command Injection vulnerability in Ixpdata Easyinstall 6.2.13723
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service.
network
low complexity
ixpdata CWE-78
critical
9.8