Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-30 | CVE-2018-11616 | OS Command Injection vulnerability in Tencent Foxmail 7.2.9.115 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. | 8.8 |
| 2018-08-28 | CVE-2018-15529 | OS Command Injection vulnerability in Mutiny 5.01.00/5.01.10/5.01.11 A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload. | 8.8 |
| 2018-08-27 | CVE-2018-15887 | OS Command Injection vulnerability in Asus Dsl-N12E C1 Firmware 1.1.2.3345 Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. | 8.8 |
| 2018-08-26 | CVE-2018-15877 | OS Command Injection vulnerability in Plainview Activity Monitor Project Plainview Activity Monitor The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. | 8.8 |
| 2018-08-24 | CVE-2018-3786 | OS Command Injection vulnerability in Eggjs Egg-Scripts A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument. | 9.8 |
| 2018-08-21 | CVE-2018-15481 | OS Command Injection vulnerability in Ucopia Wireless Appliance Firmware 5.1.0/5.1.11/5.1.13 Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. | 8.8 |
| 2018-08-20 | CVE-2018-15553 | OS Command Injection vulnerability in Telus Actiontec T2200H Firmware T2200H31.128L.03 fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field. | 8.8 |
| 2018-08-17 | CVE-2018-3785 | OS Command Injection vulnerability in Git-Dummy-Commit Project Git-Dummy-Commit 1.3.0 A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. | 9.8 |
| 2018-08-15 | CVE-2018-0427 | OS Command Injection vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module Dnac1.1 A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. | 8.8 |
| 2018-08-15 | CVE-2018-15156 | OS Command Injection vulnerability in Open-Emr Openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | 8.8 |