Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-12 | CVE-2020-8949 | OS Command Injection vulnerability in Gocloud products Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring. | 8.8 |
| 2020-02-12 | CVE-2020-8947 | OS Command Injection vulnerability in Artica Pandora FMS 7.0 functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. | 7.2 |
| 2020-02-12 | CVE-2020-8946 | OS Command Injection vulnerability in Netis-Systems Wf2471 Firmware 1.2.30142 Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. | 8.8 |
| 2020-02-11 | CVE-2020-8429 | OS Command Injection vulnerability in Kinetica 7.0.9.2.20191118151947 The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. | 8.8 |
| 2020-02-11 | CVE-2013-0517 | OS Command Injection vulnerability in IBM Sterling External Authentication Server A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. | 7.8 |
| 2020-02-11 | CVE-2019-14514 | OS Command Injection vulnerability in Microvirt Memu An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. | 9.8 |
| 2020-02-11 | CVE-2013-4267 | OS Command Injection vulnerability in Pydio Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php). | 9.8 |
| 2020-02-07 | CVE-2019-19356 | OS Command Injection vulnerability in Netis-Systems Wf2419 Firmware 1.2.31805/2.2.36123 Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. | 7.5 |
| 2020-02-07 | CVE-2020-8126 | OS Command Injection vulnerability in UI Edgeswitch A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15). | 7.8 |
| 2020-02-07 | CVE-2020-8654 | OS Command Injection vulnerability in Eyesofnetwork 5.30 An issue was discovered in EyesOfNetwork 5.3. | 8.8 |