Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2019-17509 | OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A35 D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php. | 9.8 |
| 2019-10-11 | CVE-2019-17508 | OS Command Injection vulnerability in Dlink Dir-850L a Firmware and Dir-859 A3 Firmware On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. | 9.8 |
| 2019-10-11 | CVE-2019-17059 | OS Command Injection vulnerability in Sophos Cyberoamos A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. | 9.8 |
| 2019-10-11 | CVE-2019-17499 | OS Command Injection vulnerability in Compal Ch7465Lg Firmware 6.12.18.252P4 The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter. | 8.8 |
| 2019-10-10 | CVE-2019-11527 | OS Command Injection vulnerability in Softing Uagate SI Firmware 1.60.01 An issue was discovered in Softing uaGate SI 1.60.01. | 8.8 |
| 2019-10-09 | CVE-2019-15014 | OS Command Injection vulnerability in Zingbox Inspector 1.280/1.281/1.286 A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. | 8.8 |
| 2019-10-09 | CVE-2019-15715 | OS Command Injection vulnerability in Mantisbt MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | 7.2 |
| 2019-10-09 | CVE-2019-13051 | OS Command Injection vulnerability in Pi-Hole 4.3 Pi-Hole 4.3 allows Command Injection. | 8.8 |
| 2019-10-08 | CVE-2019-17107 | OS Command Injection vulnerability in Centreon web minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. | 8.8 |
| 2019-10-07 | CVE-2019-12811 | OS Command Injection vulnerability in Activesoft Mybuilder ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. | 9.8 |