Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-15 | CVE-2019-12839 | OS Command Injection vulnerability in Orangehrm In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution. | 8.8 |
| 2019-06-11 | CVE-2018-20841 | OS Command Injection vulnerability in Hootoo Tripmate Titan Ht-Tm05 Firmware 2.000.022/2.000.082 HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request. | 9.8 |
| 2019-06-11 | CVE-2019-3412 | OS Command Injection vulnerability in ZTE Mf920 Firmware All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. | 9.8 |
| 2019-06-11 | CVE-2019-3409 | OS Command Injection vulnerability in ZTE Wf820+ LTE Outdoor CPE Firmware All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. | 8.8 |
| 2019-06-10 | CVE-2019-12787 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.05.B03/2.06B01 An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. | 8.8 |
| 2019-06-10 | CVE-2019-12780 | OS Command Injection vulnerability in Belkin Crock-Pot Smart Slow Cooker With Wemo Firmware The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. | 9.8 |
| 2019-06-07 | CVE-2018-10702 | OS Command Injection vulnerability in Moxa Awk-3121 Firmware 1.14 An issue was discovered on Moxa AWK-3121 1.14 devices. | 8.8 |
| 2019-06-07 | CVE-2018-10699 | OS Command Injection vulnerability in Moxa Awk-3121 Firmware 1.14 An issue was discovered on Moxa AWK-3121 1.14 devices. | 8.8 |
| 2019-06-07 | CVE-2018-10697 | OS Command Injection vulnerability in Moxa Awk-3121 Firmware 1.14 An issue was discovered on Moxa AWK-3121 1.14 devices. | 8.8 |
| 2019-06-07 | CVE-2018-5265 | OS Command Injection vulnerability in UI Edgeos 1.9.1 Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters. | 7.2 |