Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-31 | CVE-2018-11139 | OS Command Injection vulnerability in Quest Kace System Management Appliance 8.0.318 The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. | 8.8 |
2018-05-31 | CVE-2018-11138 | OS Command Injection vulnerability in Quest Kace System Management Appliance 8.0.318 The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. | 9.8 |
2018-05-31 | CVE-2018-11132 | OS Command Injection vulnerability in Quest Kace System Management Appliance 8.0.318 In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. | 8.8 |
2018-05-29 | CVE-2018-1242 | OS Command Injection vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. | 6.5 |
2018-05-29 | CVE-2018-1235 | OS Command Injection vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. | 9.8 |
2018-05-23 | CVE-2018-10354 | OS Command Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. | 8.8 |
2018-05-19 | CVE-2018-4924 | OS Command Injection vulnerability in Adobe Dreamweaver Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. | 9.8 |
2018-05-19 | CVE-2018-4923 | OS Command Injection vulnerability in Adobe Connect Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. | 9.1 |
2018-05-18 | CVE-2018-10967 | OS Command Injection vulnerability in D-Link Dir-550A Firmware and Dir-604M Firmware On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution. | 8.8 |
2018-05-17 | CVE-2018-10730 | OS Command Injection vulnerability in Phoenixcontact products All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection. | 9.1 |