Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-12 | CVE-2017-4053 | OS Command Injection vulnerability in Mcafee Advanced Threat Defense Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | 9.8 |
| 2017-07-10 | CVE-2017-7175 | OS Command Injection vulnerability in Nfsen 1.2.3/1.3.7 NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field). | 9.9 |
| 2017-07-07 | CVE-2017-2237 | OS Command Injection vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. | 9.8 |
| 2017-07-07 | CVE-2017-2185 | OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. | 8.8 |
| 2017-07-07 | CVE-2017-2183 | OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. | 8.0 |
| 2017-07-06 | CVE-2017-6714 | OS Command Injection vulnerability in Cisco Ultra Services Framework Staging Server 5.0.2 A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. | 9.8 |
| 2017-07-06 | CVE-2017-6712 | OS Command Injection vulnerability in Cisco Elastic Services Controller A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. | 8.8 |
| 2017-07-06 | CVE-2017-6707 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. | 8.2 |
| 2017-07-05 | CVE-2017-1253 | OS Command Injection vulnerability in IBM Security Guardium IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.9 |
| 2017-07-03 | CVE-2017-8116 | OS Command Injection vulnerability in Teltonika products The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. | 9.8 |