Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2017-09-02 | CVE-2017-14100 | OS Command Injection vulnerability in Digium Asterisk | In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. | network, low complexity, digium, CWE-78, critical, 9.8 |
| 2017-08-31 | CVE-2015-5958 | OS Command Injection vulnerability in PHPfilemanager Project PHPfilemanager 0.9.8 | phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | network, low complexity, phpfilemanager-project, CWE-78, 8.8 |
| 2017-08-29 | CVE-2017-10951 | OS Command Injection vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. | network, low complexity, foxitsoftware, CWE-78, 8.8 |
| 2017-08-29 | CVE-2017-10832 | OS Command Injection vulnerability in Nippon-Antenna Scr02Hd Firmware 1.0.3.1000 | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | network, low complexity, nippon-antenna, CWE-78, critical, 9.8 |
| 2017-08-28 | CVE-2016-0634 | OS Command Injection vulnerability in GNU Bash 4.3 | The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | network, high complexity, gnu, CWE-78, 7.5 |
| 2017-08-21 | CVE-2017-11366 | OS Command Injection vulnerability in Codiad | components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | network, low complexity, codiad, CWE-78, critical, 9.8 |
| 2017-08-18 | CVE-2017-10811 | OS Command Injection vulnerability in Buffalo Wcr-1166Ds Firmware 1.30 | Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | low complexity, buffalo, CWE-78, 6.8 |
| 2017-08-17 | CVE-2017-6710 | OS Command Injection vulnerability in Cisco Virtual Network Function Element Manager 5.0.3/5.1.3 | A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. | network, low complexity, cisco, CWE-78, 8.1 |
| 2017-08-14 | CVE-2017-11150 | OS Command Injection vulnerability in Synology Office 2.2.01502/2.2.11506 | Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | local, low complexity, synology, CWE-78, 7.8 |
| 2017-08-06 | CVE-2017-12581 | OS Command Injection vulnerability in Electron | GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. | network, high complexity, electron, CWE-78, 8.1 |