Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-09 | CVE-2019-10631 | OS Command Injection vulnerability in Zyxel Nas326 Firmware Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. | 6.5 |
| 2019-04-08 | CVE-2019-11001 | OS Command Injection vulnerability in Reolink products On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | 9.0 |
| 2019-04-01 | CVE-2019-9193 | OS Command Injection vulnerability in Postgresql In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. | 7.2 |
| 2019-04-01 | CVE-2018-17990 | OS Command Injection vulnerability in Dlink Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. | 9.0 |
| 2019-04-01 | CVE-2018-17565 | OS Command Injection vulnerability in Grandstream products Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | 10.0 |
| 2019-04-01 | CVE-2018-5757 | OS Command Injection vulnerability in Audiocodes 420Hd IP Phone Firmware 3.0.0.535.106 An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. | 9.0 |
| 2019-04-01 | CVE-2018-13285 | OS Command Injection vulnerability in Synology Router Manager Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 9.0 |
| 2019-04-01 | CVE-2018-13284 | OS Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 9.0 |
| 2019-03-30 | CVE-2019-10662 | OS Command Injection vulnerability in Grandstream Ucm6204 Firmware Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 8.8 |
| 2019-03-30 | CVE-2019-10660 | OS Command Injection vulnerability in Grandstream Gxv3611Ir HD Firmware Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | 8.8 |