Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-06 | CVE-2018-19907 | OS Command Injection vulnerability in Craftercms Crafter CMS A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. | 8.8 |
| 2018-12-04 | CVE-2018-12317 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. | 8.8 |
| 2018-12-04 | CVE-2018-12316 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter. | 8.8 |
| 2018-12-04 | CVE-2018-12313 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. | 9.8 |
| 2018-12-04 | CVE-2018-12312 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. | 8.8 |
| 2018-12-04 | CVE-2018-12307 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. | 8.8 |
| 2018-12-03 | CVE-2018-4021 | OS Command Injection vulnerability in Netgate Pfsense 2.4.4 An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. | 7.2 |
| 2018-12-03 | CVE-2018-4020 | OS Command Injection vulnerability in Netgate Pfsense 2.4.4 An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. | 7.2 |
| 2018-12-03 | CVE-2018-4019 | OS Command Injection vulnerability in Netgate Pfsense 2.4.4 An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. | 7.2 |
| 2018-12-03 | CVE-2018-14706 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request. | 9.8 |