Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-10149 | OS Command Injection vulnerability in multiple products A flaw was found in Exim versions 4.87 to 4.91 (inclusive). | 9.8 |
| 2019-06-03 | CVE-2019-10883 | OS Command Injection vulnerability in Citrix Sd-Wan Center and Netscaler Sd-Wan Center Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | 9.8 |
| 2019-06-03 | CVE-2019-6738 | OS Command Injection vulnerability in Bitdefender Safepay 23.0.10.34 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. | 8.8 |
| 2019-06-03 | CVE-2019-6736 | OS Command Injection vulnerability in Bitdefender Safepay 23.0.10.34 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. | 8.8 |
| 2019-06-03 | CVE-2019-12585 | OS Command Injection vulnerability in multiple products Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. | 9.8 |
| 2019-05-31 | CVE-2019-9653 | OS Command Injection vulnerability in Nuuo Network Video Recorder Firmware NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. | 9.8 |
| 2019-05-31 | CVE-2019-10048 | OS Command Injection vulnerability in Pydio The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. | 7.2 |
| 2019-05-29 | CVE-2018-19977 | OS Command Injection vulnerability in Auerswald Comfortel 1200 IP Firmware 3.4.4.110589 A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. | 8.0 |
| 2019-05-29 | CVE-2018-16217 | OS Command Injection vulnerability in Yealink Ultra-Elegant IP Phone Sip-T41P Firmware 66.83.0.35 The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection. | 8.8 |
| 2019-05-23 | CVE-2019-12272 | OS Command Injection vulnerability in Openwrt Luci In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | 9.8 |