Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-17 | CVE-2019-12181 | OS Command Injection vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | 8.8 |
| 2019-06-15 | CVE-2019-12840 | OS Command Injection vulnerability in Webmin In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | 8.8 |
| 2019-06-15 | CVE-2019-12839 | OS Command Injection vulnerability in Orangehrm In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution. | 8.8 |
| 2019-06-11 | CVE-2018-20841 | OS Command Injection vulnerability in Hootoo Tripmate Titan Ht-Tm05 Firmware 2.000.022/2.000.082 HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request. | 9.8 |
| 2019-06-11 | CVE-2019-3412 | OS Command Injection vulnerability in ZTE Mf920 Firmware All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. | 9.8 |
| 2019-06-11 | CVE-2019-3409 | OS Command Injection vulnerability in ZTE Wf820+ LTE Outdoor CPE Firmware All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. | 8.8 |
| 2019-06-10 | CVE-2019-12787 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.05.B03/2.06B01 An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. | 8.8 |
| 2019-06-10 | CVE-2019-12780 | OS Command Injection vulnerability in Belkin Crock-Pot Smart Slow Cooker With Wemo Firmware The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. | 9.8 |
| 2019-06-07 | CVE-2018-10702 | OS Command Injection vulnerability in Moxa Awk-3121 Firmware 1.14 An issue was discovered on Moxa AWK-3121 1.14 devices. | 8.8 |
| 2019-06-07 | CVE-2018-10699 | OS Command Injection vulnerability in Moxa Awk-3121 Firmware 1.14 An issue was discovered on Moxa AWK-3121 1.14 devices. | 8.8 |