Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-11 | CVE-2019-13561 | OS Command Injection vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. | 10.0 |
| 2019-07-10 | CVE-2019-13482 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.06 An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. | 9.0 |
| 2019-07-10 | CVE-2019-13481 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.06 An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. | 9.0 |
| 2019-07-10 | CVE-2019-0328 | OS Command Injection vulnerability in SAP Netweaver Process Integration ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. | 9.0 |
| 2019-07-10 | CVE-2019-13278 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. | 10.0 |
| 2019-07-10 | CVE-2018-14495 | OS Command Injection vulnerability in Vivotek Fd8136 Firmware 0301A Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. | 9.8 |
| 2019-07-10 | CVE-2018-14494 | OS Command Injection vulnerability in Vivotek Fd8136 Firmware 0301A Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. | 9.8 |
| 2019-07-08 | CVE-2019-13398 | OS Command Injection vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. | 9.0 |
| 2019-07-06 | CVE-2019-1893 | OS Command Injection vulnerability in Cisco Enterprise NFV Infrastructure Software 3.9.1 A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. | 7.2 |
| 2019-07-03 | CVE-2018-14860 | OS Command Injection vulnerability in Odoo 10.0/11.0/8.0 Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system. | 9.0 |