Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-12313 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. | 9.8 |
| 2018-12-04 | CVE-2018-12312 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. | 8.8 |
| 2018-12-04 | CVE-2018-12307 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. | 8.8 |
| 2018-12-03 | CVE-2018-4021 | OS Command Injection vulnerability in Netgate Pfsense 2.4.4 An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. | 7.2 |
| 2018-12-03 | CVE-2018-4020 | OS Command Injection vulnerability in Netgate Pfsense 2.4.4 An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. | 7.2 |
| 2018-12-03 | CVE-2018-4019 | OS Command Injection vulnerability in Netgate Pfsense 2.4.4 An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. | 7.2 |
| 2018-12-03 | CVE-2018-14706 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request. | 9.8 |
| 2018-12-03 | CVE-2018-14701 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 9.8 |
| 2018-12-03 | CVE-2018-14699 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 9.8 |
| 2018-11-30 | CVE-2018-15716 | OS Command Injection vulnerability in Nuuo Nvrmini2 Firmware 3.9.1 NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. | 8.8 |