Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-01-18 | CVE-2018-0099 | OS Command Injection vulnerability in Cisco D9800 Firmware | A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. | 8.8 |
2018-01-12 | CVE-2018-5371 | OS Command Injection vulnerability in D-Link Dsl-2540U Firmware and Dsl-2640U Firmware | diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. | 8.8 |
2018-01-12 | CVE-2018-5347 | OS Command Injection vulnerability in Seagate Personal Cloud Firmware | Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. | 9.8 |
2018-01-09 | CVE-2017-18025 | OS Command Injection vulnerability in Innotube Itguard Manager 0.0.0.1 | cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin\|" to use the '\|' metacharacter. | 9.8 |
2018-01-05 | CVE-2017-16666 | OS Command Injection vulnerability in Xplico | Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. | 8.8 |
2018-01-03 | CVE-2017-1000487 | OS Command Injection vulnerability in multiple products | Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. | 9.8 |
2018-01-03 | CVE-2017-1000473 | OS Command Injection vulnerability in Linux-Dash Project Linux-Dash | Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. | 7.8 |
2017-12-28 | CVE-2014-8389 | OS Command Injection vulnerability in Airlive products | cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests. | 9.8 |
2017-12-27 | CVE-2017-17888 | OS Command Injection vulnerability in Hoytech Antiweb | cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. | 8.8 |
2017-12-21 | CVE-2017-17411 | OS Command Injection vulnerability in Linksys Wvbr0 Firmware | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. | 9.8 |