Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-10 | CVE-2017-15226 | OS Command Injection vulnerability in Zyxel Nbg6716 Firmware 1.00(Aakg.9)C0 | Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | 9.8 |
2017-10-05 | CVE-2017-1000116 | OS Command Injection vulnerability in multiple products | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | 9.8 |
2017-10-03 | CVE-2017-11322 | OS Command Injection vulnerability in Ucopia Wireless Appliance | The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | 8.2 |
2017-10-03 | CVE-2017-11321 | OS Command Injection vulnerability in Ucopia Wireless Appliance 5.1.7 | The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. | 7.2 |
2017-09-29 | CVE-2017-14867 | OS Command Injection vulnerability in multiple products | Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. | 8.8 |
2017-09-26 | CVE-2017-14001 | OS Command Injection vulnerability in Digium Asterisk GUI 2.1.0 | An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. | 8.8 |
2017-09-22 | CVE-2017-14705 | OS Command Injection vulnerability in Denyall I-Suite and web Application Firewall | DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. | 8.1 |
2017-09-22 | CVE-2017-11395 | OS Command Injection vulnerability in Trendmicro Smart Protection Server 3.1/3.2 | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | 8.8 |
2017-09-19 | CVE-2015-3431 | OS Command Injection vulnerability in Pydio | Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | 9.8 |
2017-09-17 | CVE-2017-14500 | OS Command Injection vulnerability in Newsbeuter | Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904. | 8.8 |