Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-1000885 OS Command Injection vulnerability in Phkp Project Phkp
PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely.
network
low complexity
phkp-project CWE-78
critical
 9.8
9.8
2018-12-17 CVE-2018-18555 OS Command Injection vulnerability in Vyos 1.1.8
A sandbox escape issue was discovered in VyOS 1.1.8.
network
low complexity
vyos CWE-78
critical
 9.9
9.9
2018-12-14 CVE-2018-19007 OS Command Injection vulnerability in Geutebrueck products
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
network
low complexity
geutebrueck CWE-78
critical
 9.8
9.8
2018-12-11 CVE-2018-20057 OS Command Injection vulnerability in D-Link Dir-605L Firmware and Dir-619L Firmware
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices.
network
low complexity
d-link CWE-78
8.8
8.8
2018-12-06 CVE-2018-19660 OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.
network
low complexity
moxa CWE-78
8.8
8.8
2018-12-06 CVE-2018-19659 OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.
network
low complexity
moxa CWE-78
8.8
8.8
2018-12-06 CVE-2018-19908 OS Command Injection vulnerability in Misp
An issue was discovered in MISP 2.4.9x before 2.4.99.
network
low complexity
misp CWE-78
8.8
8.8
2018-12-06 CVE-2018-19907 OS Command Injection vulnerability in Craftercms Crafter CMS
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18.
network
low complexity
craftercms CWE-78
8.8
8.8
2018-12-04 CVE-2018-12317 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.
network
low complexity
asustor CWE-78
8.8
8.8
2018-12-04 CVE-2018-12316 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
network
low complexity
asustor CWE-78
8.8
8.8