Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-25 | CVE-2020-7596 | OS Command Injection vulnerability in Codecov Nodejs Uploader Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. | 8.8 |
| 2020-01-24 | CVE-2013-1598 | OS Command Injection vulnerability in Vivotek Pt7135 Firmware 0300A/0400A A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code. | 8.8 |
| 2020-01-23 | CVE-2019-19897 | OS Command Injection vulnerability in Ixpdata Easyinstall 6.2.13723 In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. | 9.8 |
| 2020-01-23 | CVE-2019-19839 | OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. | 9.8 |
| 2020-01-23 | CVE-2019-19838 | OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. | 9.8 |
| 2020-01-23 | CVE-2012-4981 | OS Command Injection vulnerability in Toshiba Configfree 8.0.38 Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability | 8.8 |
| 2020-01-22 | CVE-2019-19842 | OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. | 9.8 |
| 2020-01-22 | CVE-2019-19841 | OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. | 9.8 |
| 2020-01-22 | CVE-2019-10780 | OS Command Injection vulnerability in Bibtex-Ruby Project Bibtex-Ruby BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. | 9.8 |
| 2020-01-21 | CVE-2020-7594 | OS Command Injection vulnerability in Multitech Conduit Mtcdt-Lvw2-246A Firmware 1.4.17Ocea13592 MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | 7.2 |