Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-05-31 CVE-2018-11139 OS Command Injection vulnerability in Quest Kace System Management Appliance 8.0.318
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system.
network
low complexity
quest CWE-78
8.8
2018-05-31 CVE-2018-11138 OS Command Injection vulnerability in Quest Kace System Management Appliance 8.0.318
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
network
low complexity
quest CWE-78
critical
9.8
2018-05-31 CVE-2018-11132 OS Command Injection vulnerability in Quest Kace System Management Appliance 8.0.318
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed.
network
low complexity
quest CWE-78
8.8
2018-05-29 CVE-2018-1242 OS Command Injection vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI.
network
low complexity
emc CWE-78
6.5
2018-05-29 CVE-2018-1235 OS Command Injection vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability.
network
low complexity
emc CWE-78
critical
9.8
2018-05-23 CVE-2018-10354 OS Command Injection vulnerability in Trendmicro Email Encryption Gateway 5.5
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer.
network
low complexity
trendmicro CWE-78
8.8
2018-05-19 CVE-2018-4924 OS Command Injection vulnerability in Adobe Dreamweaver
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability.
network
low complexity
adobe CWE-78
critical
9.8
2018-05-19 CVE-2018-4923 OS Command Injection vulnerability in Adobe Connect
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection.
network
low complexity
adobe CWE-78
critical
9.1
2018-05-18 CVE-2018-10967 OS Command Injection vulnerability in D-Link Dir-550A Firmware and Dir-604M Firmware
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.
network
low complexity
d-link CWE-78
8.8
2018-05-17 CVE-2018-10730 OS Command Injection vulnerability in Phoenixcontact products
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
network
low complexity
phoenixcontact CWE-78
critical
9.1