Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-13 | CVE-2018-6911 | OS Command Injection vulnerability in Advantech Webaccess 8.3.0 The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). | 9.8 |
| 2018-02-12 | CVE-2018-6926 | OS Command Injection vulnerability in Misp 2.4.87 In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. | 7.2 |
| 2018-02-09 | CVE-2018-1000043 | OS Command Injection vulnerability in Securityonion Squert Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. | 9.8 |
| 2018-02-09 | CVE-2018-1000042 | OS Command Injection vulnerability in Securityonion Squert Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. | 9.8 |
| 2018-02-09 | CVE-2018-1000019 | OS Command Injection vulnerability in Open-Emr Openemr 5.0.0 OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. | 8.8 |
| 2018-02-08 | CVE-2018-0514 | OS Command Injection vulnerability in Futomi MP Form Mail CGI MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2018-02-08 | CVE-2018-0512 | OS Command Injection vulnerability in Iodata products Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. | 6.8 |
| 2018-02-08 | CVE-2018-0122 | OS Command Injection vulnerability in Cisco Staros 21.3.0.67664 A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. | 4.4 |
| 2018-02-07 | CVE-2018-6791 | OS Command Injection vulnerability in multiple products An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. | 6.8 |
| 2018-02-03 | CVE-2018-1185 | OS Command Injection vulnerability in Dell products An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. | 6.7 |