Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-27 | CVE-2017-2843 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. | 8.8 |
| 2017-06-27 | CVE-2017-2842 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. | 8.8 |
| 2017-06-27 | CVE-2017-2841 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. | 8.8 |
| 2017-06-23 | CVE-2017-9828 | OS Command Injection vulnerability in Vivotek products '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. | 9.8 |
| 2017-06-21 | CVE-2017-2828 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. | 8.8 |
| 2017-06-21 | CVE-2017-2827 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. | 8.8 |
| 2017-06-19 | CVE-2017-9757 | OS Command Injection vulnerability in Ipfire IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. | 8.8 |
| 2017-06-17 | CVE-2017-9736 | OS Command Injection vulnerability in Spip SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution. | 9.8 |
| 2017-06-13 | CVE-2017-6683 | OS Command Injection vulnerability in Cisco Elastic Services Controller 2.2(9.76) A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. | 8.8 |
| 2017-06-13 | CVE-2017-6682 | OS Command Injection vulnerability in Cisco Elastic Services Controller 2.2(9.76) A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. | 8.8 |