Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2019-19839 | OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. | 9.8 |
| 2020-01-23 | CVE-2019-19838 | OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. | 9.8 |
| 2020-01-23 | CVE-2012-4981 | OS Command Injection vulnerability in Toshiba Configfree 8.0.38 Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability | 8.8 |
| 2020-01-22 | CVE-2019-19842 | OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. | 9.8 |
| 2020-01-22 | CVE-2019-19841 | OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. | 9.8 |
| 2020-01-22 | CVE-2019-10780 | OS Command Injection vulnerability in Bibtex-Ruby Project Bibtex-Ruby BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. | 9.8 |
| 2020-01-21 | CVE-2020-7594 | OS Command Injection vulnerability in Multitech Conduit Mtcdt-Lvw2-246A Firmware 1.4.17Ocea13592 MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | 7.2 |
| 2020-01-20 | CVE-2020-7244 | OS Command Injection vulnerability in Comtechtel Stampede Fx-1010 Firmware 7.4.3 Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. | 7.2 |
| 2020-01-20 | CVE-2020-7243 | OS Command Injection vulnerability in Comtechtel Stampede Fx-1010 Firmware 7.4.3 Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. | 7.2 |
| 2020-01-20 | CVE-2020-7242 | OS Command Injection vulnerability in Comtechtel Stampede Fx-1010 Firmware 7.4.3 Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. | 7.2 |