Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-06-07 CVE-2019-12771 OS Command Injection vulnerability in Thinstation Project Thinstation
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring.
network
low complexity
thinstation-project CWE-78
critical
9.8
2019-06-05 CVE-2019-9156 OS Command Injection vulnerability in Gemalto Ezio DS3 Server 2.6.1
Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.
low complexity
gemalto CWE-78
8.0
2019-06-05 CVE-2019-12739 OS Command Injection vulnerability in Nextcloud Extract
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).
network
low complexity
nextcloud CWE-78
8.8
2019-06-05 CVE-2019-12735 OS Command Injection vulnerability in multiple products
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
local
low complexity
vim neovim CWE-78
8.6
2019-06-05 CVE-2019-10149 OS Command Injection vulnerability in multiple products
A flaw was found in Exim versions 4.87 to 4.91 (inclusive).
network
low complexity
exim debian canonical CWE-78
critical
9.8
2019-06-03 CVE-2019-10883 OS Command Injection vulnerability in Citrix Sd-Wan Center and Netscaler Sd-Wan Center
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
network
low complexity
citrix CWE-78
critical
9.8
2019-06-03 CVE-2019-6738 OS Command Injection vulnerability in Bitdefender Safepay 23.0.10.34
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34.
network
low complexity
bitdefender CWE-78
8.8
2019-06-03 CVE-2019-6736 OS Command Injection vulnerability in Bitdefender Safepay 23.0.10.34
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34.
network
low complexity
bitdefender CWE-78
8.8
2019-06-03 CVE-2019-12585 OS Command Injection vulnerability in multiple products
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
network
low complexity
apcupsd netgate CWE-78
critical
9.8
2019-05-31 CVE-2019-9653 OS Command Injection vulnerability in Nuuo Network Video Recorder Firmware
NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.
network
low complexity
nuuo CWE-78
critical
9.8