Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-03-07 CVE-2018-1000118 OS Command Injection vulnerability in Electronjs Electron
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute.
network
low complexity
electronjs CWE-78
8.8
2018-03-06 CVE-2018-6530 OS Command Injection vulnerability in Dlink products
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
network
low complexity
dlink CWE-78
critical
9.8
2018-03-05 CVE-2018-7664 OS Command Injection vulnerability in Clip-Bucket Clipbucket
An issue was discovered in ClipBucket before 4.0.0 Release 4902.
network
low complexity
clip-bucket CWE-78
critical
9.8
2018-03-01 CVE-2017-9274 OS Command Injection vulnerability in Opensuse Obs-Service-Source Validator
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.
local
low complexity
opensuse CWE-78
7.8
2018-02-28 CVE-2015-4117 OS Command Injection vulnerability in Vestacp Control Panel
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
network
low complexity
vestacp CWE-78
8.8
2018-02-28 CVE-2016-0291 OS Command Injection vulnerability in IBM Bigfix Platform
IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access.
network
low complexity
ibm CWE-78
8.8
2018-02-26 CVE-2018-7448 OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
network
high complexity
cmsmadesimple CWE-78
7.5
2018-02-23 CVE-2018-7440 OS Command Injection vulnerability in multiple products
An issue was discovered in Leptonica through 1.75.3.
network
low complexity
leptonica debian CWE-78
critical
9.8
2018-02-20 CVE-2018-7046 OS Command Injection vulnerability in Kentico CMS
Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box.
network
low complexity
kentico CWE-78
7.2
2018-02-16 CVE-2018-7187 OS Command Injection vulnerability in multiple products
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
network
low complexity
golang debian CWE-78
8.8