Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-13 | CVE-2019-16293 | OS Command Injection vulnerability in Opmantek Open-Audit The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. | 8.8 |
| 2019-09-12 | CVE-2019-10392 | OS Command Injection vulnerability in Jenkins GIT Client Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | 8.8 |
| 2019-09-09 | CVE-2019-10669 | OS Command Injection vulnerability in Librenms An issue was discovered in LibreNMS through 1.47. | 7.2 |
| 2019-09-06 | CVE-2019-10891 | OS Command Injection vulnerability in Dlink Dir-806 Firmware An issue was discovered in D-Link DIR-806 devices. | 9.8 |
| 2019-09-05 | CVE-2019-15029 | OS Command Injection vulnerability in Fusionpbx 4.4.8 FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). | 8.8 |
| 2019-09-05 | CVE-2019-15949 | OS Command Injection vulnerability in Nagios XI Nagios XI before 5.6.6 allows remote command execution as root. | 8.8 |
| 2019-09-03 | CVE-2019-5475 | OS Command Injection vulnerability in Sonatype Nexus Repository Manager The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. | 8.8 |
| 2019-08-29 | CVE-2019-11364 | OS Command Injection vulnerability in Prophecyinternational Snare Central An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. | 7.2 |
| 2019-08-27 | CVE-2019-15701 | OS Command Injection vulnerability in Bloodhound Project Bloodhound 2.2.0 components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. | 8.8 |
| 2019-08-26 | CVE-2019-15503 | OS Command Injection vulnerability in Altavoz Prontuscms 11.2.101/12.0.3.0 cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter. | 9.8 |