Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-01 | CVE-2017-9274 | OS Command Injection vulnerability in Opensuse Obs-Service-Source Validator: A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. | 7.8 |
2018-02-28 | CVE-2015-4117 | OS Command Injection vulnerability in Vestacp Control Panel: Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. | 8.8 |
2018-02-28 | CVE-2016-0291 | OS Command Injection vulnerability in IBM Bigfix Platform: IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. | 8.8 |
2018-02-26 | CVE-2018-7448 | OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6: Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | 7.5 |
2018-02-23 | CVE-2018-7440 | OS Command Injection vulnerability in multiple products: An issue was discovered in Leptonica through 1.75.3. | 9.8 |
2018-02-20 | CVE-2018-7046 | OS Command Injection vulnerability in Kentico CMS: Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. | 7.2 |
2018-02-16 | CVE-2018-7187 | OS Command Injection vulnerability in multiple products: The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | 8.8 |
2018-02-16 | CVE-2017-14535 | OS Command Injection vulnerability in Netfortris Trixbox 2.8.0.4: trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. | 8.8 |
2018-02-14 | CVE-2017-6230 | OS Command Injection vulnerability in Ruckuswireless products: Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems. | 8.8 |
2018-02-14 | CVE-2017-6229 | OS Command Injection vulnerability in Ruckuswireless products: Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems. | 8.8 |