Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-19 | CVE-2018-1144 | OS Command Injection vulnerability in Belkin N750 Firmware 1.10.22 A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. | 9.8 |
| 2018-04-19 | CVE-2018-1143 | OS Command Injection vulnerability in Belkin N750 Firmware 1.10.22 A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. | 9.8 |
| 2018-04-19 | CVE-2018-1167 | OS Command Injection vulnerability in Spotify 1.0.69.336 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. | 8.8 |
| 2018-04-18 | CVE-2018-8735 | OS Command Injection vulnerability in Nagios XI Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. | 8.8 |
| 2018-04-11 | CVE-2017-14459 | OS Command Injection vulnerability in Moxa Awk-3131A Firmware An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). | 9.8 |
| 2018-04-09 | CVE-2018-0556 | OS Command Injection vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30 Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 8.8 |
| 2018-04-09 | CVE-2018-0545 | OS Command Injection vulnerability in LXR Project LXR LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2018-04-04 | CVE-2018-9285 | OS Command Injection vulnerability in Asus products Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. | 9.8 |
| 2018-04-02 | CVE-2018-0194 | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. | 7.8 |
| 2018-03-28 | CVE-2018-0193 | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. | 7.8 |