Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-14 | CVE-2020-5505 | OS Command Injection vulnerability in Vaaip Freelancy 1.0.0: Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI. | 9.8 |
2020-01-13 | CVE-2020-6948 | OS Command Injection vulnerability in Hashbrowncms Hashbrown CMS: A remote code execution issue was discovered in HashBrown CMS through 1.3.3. | 9.8 |
2020-01-13 | CVE-2019-18894 | OS Command Injection vulnerability in Avast Premium Security 19.8.2393: In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. | 7.8 |
2020-01-09 | CVE-2020-6757 | OS Command Injection vulnerability in Rasilient Pixelstor 5000 Firmware 4.0.158020150629: contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter. | 8.8 |
2020-01-09 | CVE-2020-6756 | OS Command Injection vulnerability in Rasilient Pixelstor 5000 Firmware 4.0.158020150629: languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. | 9.8 |
2020-01-09 | CVE-2019-20224 | OS Command Injection vulnerability in Artica Pandora FMS 7.0Ng: netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. | 8.8 |
2020-01-09 | CVE-2014-2650 | OS Command Injection vulnerability in Atos products: Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface. | 9.8 |
2020-01-08 | CVE-2019-10777 | OS Command Injection vulnerability in Amazon AWS Lambda: In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. | 9.8 |
2020-01-08 | CVE-2019-10778 | OS Command Injection vulnerability in Devcert-Sanscache Project Devcert-Sanscache: devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. | 9.8 |
2020-01-07 | CVE-2019-17148 | OS Command Injection vulnerability in Parallels Desktop 14.1.3: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop version 14.1.3 (45485). | 7.8 |