Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-21 | CVE-2018-15481 | OS Command Injection vulnerability in Ucopia Wireless Appliance Firmware 5.1.0/5.1.11/5.1.13 Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. | 8.8 |
| 2018-08-20 | CVE-2018-15553 | OS Command Injection vulnerability in Telus Actiontec T2200H Firmware T2200H31.128L.03 fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field. | 8.8 |
| 2018-08-17 | CVE-2018-3785 | OS Command Injection vulnerability in Git-Dummy-Commit Project Git-Dummy-Commit 1.3.0 A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. | 9.8 |
| 2018-08-15 | CVE-2018-0427 | OS Command Injection vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module Dnac1.1 A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. | 8.8 |
| 2018-08-15 | CVE-2018-15156 | OS Command Injection vulnerability in Open-Emr Openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | 8.8 |
| 2018-08-15 | CVE-2018-15155 | OS Command Injection vulnerability in Open-Emr Openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in interface/super/edit_globals.php. | 8.8 |
| 2018-08-15 | CVE-2018-15154 | OS Command Injection vulnerability in Open-Emr Openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php. | 8.8 |
| 2018-08-15 | CVE-2018-15153 | OS Command Injection vulnerability in Open-Emr Openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | 8.8 |
| 2018-08-14 | CVE-2018-3937 | OS Command Injection vulnerability in Sony products An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. | 7.2 |
| 2018-08-04 | CVE-2018-14933 | OS Command Injection vulnerability in Nuuo Nvrmini Firmware 2016 upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | 9.8 |