Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-05-18 CVE-2018-10967 OS Command Injection vulnerability in D-Link Dir-550A Firmware and Dir-604M Firmware
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.
network
low complexity
d-link CWE-78
8.8
8.8
2018-05-17 CVE-2018-10730 OS Command Injection vulnerability in Phoenixcontact products
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
network
low complexity
phoenixcontact CWE-78
critical
 9.1
9.1
2018-05-17 CVE-2018-0324 OS Command Injection vulnerability in Cisco Network Functions Virtualization Infrastructure 3.6.1/3.6.2/3.7.1
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-78
6.7
6.7
2018-05-17 CVE-2018-0279 OS Command Injection vulnerability in Cisco Enterprise NFV Infrastructure Software
A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device.
network
low complexity
cisco CWE-78
8.8
8.8
2018-05-14 CVE-2017-14434 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8
8.8
2018-05-14 CVE-2017-14433 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8
8.8
2018-05-14 CVE-2017-14432 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8
8.8
2018-05-14 CVE-2017-12125 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8
8.8
2018-05-14 CVE-2017-12121 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8
8.8
2018-05-14 CVE-2017-12120 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8
8.8