Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-13307 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. | 9.8 |
| 2018-11-27 | CVE-2018-13306 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | 9.8 |
| 2018-11-27 | CVE-2018-13023 | OS Command Injection vulnerability in MI Miwifi OS 2.22.15 System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. | 8.8 |
| 2018-11-27 | CVE-2018-16090 | OS Command Injection vulnerability in Lenovo System Management Module Firmware 1.05 In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection. | 7.5 |
| 2018-11-27 | CVE-2018-16089 | OS Command Injection vulnerability in Lenovo System Management Module Firmware 1.05 In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user. | 7.5 |
| 2018-11-26 | CVE-2018-13320 | OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | 7.2 |
| 2018-11-26 | CVE-2018-13318 | OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | 7.2 |
| 2018-11-26 | CVE-2018-13311 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | 9.8 |
| 2018-11-26 | CVE-2018-11077 | OS Command Injection vulnerability in multiple products 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. | 6.7 |
| 2018-11-20 | CVE-2018-18859 | OS Command Injection vulnerability in Liquidvpn 1.36/1.37 Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. | 7.8 |