Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-03 | CVE-2018-14706 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request. | 9.8 |
| 2018-12-03 | CVE-2018-14701 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 9.8 |
| 2018-12-03 | CVE-2018-14699 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 9.8 |
| 2018-11-30 | CVE-2018-15716 | OS Command Injection vulnerability in Nuuo Nvrmini2 Firmware 3.9.1 NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. | 8.8 |
| 2018-11-30 | CVE-2018-19290 | OS Command Injection vulnerability in Budabot In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the "!calc 5 x 5" command. | 9.8 |
| 2018-11-28 | CVE-2018-19646 | OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. | 9.8 |
| 2018-11-27 | CVE-2018-13418 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. | 8.8 |
| 2018-11-27 | CVE-2018-13358 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. | 8.8 |
| 2018-11-27 | CVE-2018-13354 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | 9.8 |
| 2018-11-27 | CVE-2018-13353 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | 8.8 |