Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-07 | CVE-2018-1000118 | OS Command Injection vulnerability in Electronjs Electron Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. | 8.8 |
2018-03-06 | CVE-2018-6530 | OS Command Injection vulnerability in Dlink products OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. | 9.8 |
2018-03-05 | CVE-2018-7664 | OS Command Injection vulnerability in Clip-Bucket Clipbucket An issue was discovered in ClipBucket before 4.0.0 Release 4902. | 9.8 |
2018-03-01 | CVE-2017-9274 | OS Command Injection vulnerability in Opensuse Obs-Service-Source Validator A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. | 7.8 |
2018-02-28 | CVE-2015-4117 | OS Command Injection vulnerability in Vestacp Control Panel Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. | 8.8 |
2018-02-28 | CVE-2016-0291 | OS Command Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. | 8.8 |
2018-02-26 | CVE-2018-7448 | OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | 7.5 |
2018-02-23 | CVE-2018-7440 | OS Command Injection vulnerability in multiple products An issue was discovered in Leptonica through 1.75.3. | 9.8 |
2018-02-20 | CVE-2018-7046 | OS Command Injection vulnerability in Kentico CMS Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. | 7.2 |
2018-02-16 | CVE-2018-7187 | OS Command Injection vulnerability in multiple products The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | 8.8 |