Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-01 | CVE-2019-7301 | OS Command Injection vulnerability in Zevenet ZEN Load Balancer 3.10.1 Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter. | 9.0 |
2019-02-01 | CVE-2019-7298 | OS Command Injection vulnerability in Dlink Dir-823G Firmware An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. | 9.3 |
2019-01-31 | CVE-2019-7297 | OS Command Injection vulnerability in D-Link Dir-823G Firmware An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. | 9.8 |
2019-01-30 | CVE-2019-3913 | OS Command Injection vulnerability in Labkey Server Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service. | 4.0 |
2019-01-24 | CVE-2018-12237 | OS Command Injection vulnerability in Symantec Reporter The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. | 9.0 |
2019-01-24 | CVE-2018-17707 | OS Command Injection vulnerability in Epicgames Launcher This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. | 6.8 |
2019-01-23 | CVE-2019-1636 | OS Command Injection vulnerability in Cisco Webex Teams 3.0.4533 A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. | 9.3 |
2019-01-22 | CVE-2018-6444 | OS Command Injection vulnerability in multiple products A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. | 10.0 |
2019-01-18 | CVE-2019-6487 | OS Command Injection vulnerability in Tp-Link products TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field. | 6.5 |
2019-01-17 | CVE-2018-20727 | OS Command Injection vulnerability in Nedi Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php. | 6.5 |