Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-12739 | OS Command Injection vulnerability in Nextcloud Extract lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters). | 8.8 |
| 2019-06-05 | CVE-2019-12735 | OS Command Injection vulnerability in multiple products getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. | 8.6 |
| 2019-06-05 | CVE-2019-10149 | OS Command Injection vulnerability in multiple products A flaw was found in Exim versions 4.87 to 4.91 (inclusive). | 9.8 |
| 2019-06-03 | CVE-2019-10883 | OS Command Injection vulnerability in Citrix Sd-Wan Center and Netscaler Sd-Wan Center Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | 9.8 |
| 2019-06-03 | CVE-2019-6738 | OS Command Injection vulnerability in Bitdefender Safepay 23.0.10.34 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. | 8.8 |
| 2019-06-03 | CVE-2019-6736 | OS Command Injection vulnerability in Bitdefender Safepay 23.0.10.34 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. | 8.8 |
| 2019-06-03 | CVE-2019-12585 | OS Command Injection vulnerability in multiple products Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. | 9.8 |
| 2019-05-31 | CVE-2019-9653 | OS Command Injection vulnerability in Nuuo Network Video Recorder Firmware NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. | 9.8 |
| 2019-05-31 | CVE-2019-10048 | OS Command Injection vulnerability in Pydio The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. | 7.2 |
| 2019-05-29 | CVE-2018-19977 | OS Command Injection vulnerability in Auerswald Comfortel 1200 IP Firmware 3.4.4.110589 A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. | 8.0 |