Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-19 | CVE-2017-18044 | OS Command Injection vulnerability in Commvault 11.0. A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. | 9.8 |
2018-01-18 | CVE-2018-0115 | OS Command Injection vulnerability in Cisco StarOS. A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. | 6.7 |
2018-01-18 | CVE-2018-0099 | OS Command Injection vulnerability in Cisco D9800 Firmware. A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. | 8.8 |
2018-01-12 | CVE-2018-5371 | OS Command Injection vulnerability in D-Link DSL-2540U Firmware and DSL-2640U Firmware. diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. | 8.8 |
2018-01-12 | CVE-2018-5347 | OS Command Injection vulnerability in Seagate Personal Cloud Firmware. Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. | 9.8 |
2018-01-09 | CVE-2017-18025 | OS Command Injection vulnerability in Innotube ITGuard-Manager 0.0.0.1. cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter. | 9.8 |
2018-01-05 | CVE-2017-16666 | OS Command Injection vulnerability in Xplico. Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. | 8.8 |
2018-01-03 | CVE-2017-1000487 | OS Command Injection vulnerability in multiple products. Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. | 9.8 |
2018-01-03 | CVE-2017-1000473 | OS Command Injection vulnerability in Linux-Dash Project Linux-Dash. Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed, resulting in code execution on the server, potentially as root. | 7.8 |
2017-12-28 | CVE-2014-8389 | OS Command Injection vulnerability in AirLive products. cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests. | 9.8 |