Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-08-26 CVE-2019-15503 OS Command Injection vulnerability in Altavoz Prontuscms 11.2.101/12.0.3.0
cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter.
network
low complexity
altavoz CWE-78
critical
 9.8
9.8
2019-08-23 CVE-2019-15530 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.
network
low complexity
dlink CWE-78
8.8
8.8
2019-08-23 CVE-2019-15529 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.
network
low complexity
dlink CWE-78
8.8
8.8
2019-08-23 CVE-2019-15528 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.
network
low complexity
dlink CWE-78
8.8
8.8
2019-08-23 CVE-2019-15527 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.
network
low complexity
dlink CWE-78
8.8
8.8
2019-08-23 CVE-2019-15526 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.
network
low complexity
dlink CWE-78
8.8
8.8
2019-08-23 CVE-2019-15490 OS Command Injection vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.
network
low complexity
it-novum CWE-78
critical
 9.8
9.8
2019-08-22 CVE-2019-13139 OS Command Injection vulnerability in Docker
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution.
local
low complexity
docker CWE-78
8.4
8.4
2019-08-22 CVE-2019-15060 OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 0.9.1/0.9.1.4.16/0.9.13.16
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.
network
low complexity
tp-link CWE-78
8.8
8.8
2019-08-21 CVE-2019-1896 OS Command Injection vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges.
network
low complexity
cisco CWE-78
7.2
7.2