Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-11318 | OS Command Injection vulnerability in Cobiansoft Cobian Backup 11 Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. | 8.1 |
| 2017-07-17 | CVE-2017-1000009 | OS Command Injection vulnerability in Akeneo Product Information Management Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. | 9.8 |
| 2017-07-12 | CVE-2017-4053 | OS Command Injection vulnerability in Mcafee Advanced Threat Defense Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | 9.8 |
| 2017-07-10 | CVE-2017-7175 | OS Command Injection vulnerability in Nfsen 1.2.3/1.3.7 NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field). | 9.9 |
| 2017-07-07 | CVE-2017-2237 | OS Command Injection vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. | 9.8 |
| 2017-07-07 | CVE-2017-2185 | OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. | 8.8 |
| 2017-07-07 | CVE-2017-2183 | OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. | 8.0 |
| 2017-07-06 | CVE-2017-6714 | OS Command Injection vulnerability in Cisco Ultra Services Framework Staging Server 5.0.2 A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. | 9.8 |
| 2017-07-06 | CVE-2017-6712 | OS Command Injection vulnerability in Cisco Elastic Services Controller A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. | 8.8 |
| 2017-07-06 | CVE-2017-6707 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. | 8.2 |