Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-12-14 CVE-2018-19007 OS Command Injection vulnerability in Geutebrueck products
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
network
low complexity
geutebrueck CWE-78
critical
 9.8
9.8
2018-12-11 CVE-2018-20057 OS Command Injection vulnerability in D-Link Dir-605L Firmware and Dir-619L Firmware
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices.
network
low complexity
d-link CWE-78
8.8
8.8
2018-12-06 CVE-2018-19660 OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.
network
low complexity
moxa CWE-78
8.8
8.8
2018-12-06 CVE-2018-19659 OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.
network
low complexity
moxa CWE-78
8.8
8.8
2018-12-06 CVE-2018-19908 OS Command Injection vulnerability in Misp
An issue was discovered in MISP 2.4.9x before 2.4.99.
network
low complexity
misp CWE-78
8.8
8.8
2018-12-06 CVE-2018-19907 OS Command Injection vulnerability in Craftercms Crafter CMS
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18.
network
low complexity
craftercms CWE-78
8.8
8.8
2018-12-04 CVE-2018-12317 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.
network
low complexity
asustor CWE-78
8.8
8.8
2018-12-04 CVE-2018-12316 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
network
low complexity
asustor CWE-78
8.8
8.8
2018-12-04 CVE-2018-12313 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
network
low complexity
asustor CWE-78
critical
 9.8
9.8
2018-12-04 CVE-2018-12312 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
network
low complexity
asustor CWE-78
8.8
8.8