Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-05 | CVE-2019-19609 | OS Command Injection vulnerability in Strapi The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function. | 7.2 |
| 2019-12-01 | CVE-2019-19469 | OS Command Injection vulnerability in Zmanda Amanda 3.3.9 In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. | 8.8 |
| 2019-11-27 | CVE-2011-2523 | OS Command Injection vulnerability in multiple products vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. | 9.8 |
| 2019-11-27 | CVE-2019-18184 | OS Command Injection vulnerability in Crestron Dmc-Stro Firmware 1.0 Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. | 9.8 |
| 2019-11-27 | CVE-2017-12945 | OS Command Injection vulnerability in Mersive Solstice Firmware Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root. | 8.8 |
| 2019-11-27 | CVE-2019-15298 | OS Command Injection vulnerability in Centreon web A problem was found in Centreon Web through 19.04.3. | 8.8 |
| 2019-11-26 | CVE-2019-16242 | OS Command Injection vulnerability in Alcatelmobile Cingular Flip 2 Firmware B9Huah1 On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. | 6.8 |
| 2019-11-26 | CVE-2019-12489 | OS Command Injection vulnerability in Fastweb Askey Rtv1907Vw Firmware 0.00.81 An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. | 9.8 |
| 2019-11-26 | CVE-2019-15997 | OS Command Injection vulnerability in Cisco DNA Spaces: Connector A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. | 6.7 |
| 2019-11-26 | CVE-2019-15996 | OS Command Injection vulnerability in Cisco DNA Spaces: Connector 2.0/2.0.519 A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. | 6.7 |