Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2018-09-05 | CVE-2018-16146 | OS Command Injection vulnerability in Opsview 5.4.0/5.4.1 | 7.2
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events.
network, low complexity, opsview, CWE-78

2018-09-05 | CVE-2018-16144 | OS Command Injection vulnerability in Opsview | critical 9.8
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.
network, low complexity, opsview, CWE-78

2018-09-03 | CVE-2018-16408 | OS Command Injection vulnerability in D-Link Dir-846 Firmware 100.26 | 7.2
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
network, low complexity, d-link, CWE-78

2018-09-02 | CVE-2018-16334 | OS Command Injection vulnerability in Tendacn Ac10 Firmware and AC9 Firmware | 8.8
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices.
network, low complexity, tendacn, CWE-78

2018-08-30 | CVE-2018-15477 | OS Command Injection vulnerability in Mystrom Wifi Switch Firmware 2.31 | critical 9.8
myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command.
network, low complexity, mystrom, CWE-78

2018-08-30 | CVE-2018-11616 | OS Command Injection vulnerability in Tencent Foxmail 7.2.9.115 | 8.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115.
network, low complexity, tencent, CWE-78

2018-08-28 | CVE-2018-15529 | OS Command Injection vulnerability in Mutiny 5.01.00/5.01.10/5.01.11 | 8.8
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
network, low complexity, mutiny, CWE-78

2018-08-27 | CVE-2018-15887 | OS Command Injection vulnerability in Asus Dsl-N12E C1 Firmware 1.1.2.3345 | 8.8
Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.
network, low complexity, asus, CWE-78

2018-08-26 | CVE-2018-15877 | OS Command Injection vulnerability in Plainview Activity Monitor Project Plainview Activity Monitor | 8.8
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.

2018-08-24 | CVE-2018-3786 | OS Command Injection vulnerability in Eggjs Egg-Scripts | critical 9.8
A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.
network, low complexity, eggjs, CWE-78