Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-10-22 | CVE-2013-5703 | OS Command Injection vulnerability in Draytek Vigor 2700 Router and Vigor 2700 Router Firmware | The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. | 6.8 |
2013-10-13 | CVE-2012-4108 | OS Command Injection vulnerability in Cisco Unified Computing System | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. | 6.8 |
2013-10-11 | CVE-2013-2578 | OS Command Injection vulnerability in Tp-Link products | cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters. | 10.0 |
2013-10-05 | CVE-2012-4075 | OS Command Injection vulnerability in Cisco Nx-Os | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. | 7.2 |
2013-09-23 | CVE-2013-5486 | OS Command Injection vulnerability in Cisco Prime Data Center Network Manager | Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. | 10.0 |
2013-09-10 | CVE-2013-4983 | OS Command Injection vulnerability in Sophos web Appliance Firmware | The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | 10.0 |
2013-08-31 | CVE-2012-6605 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os | The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896. | 9.0 |
2013-08-31 | CVE-2012-6604 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os | The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | 9.0 |
2013-08-31 | CVE-2012-6602 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os | The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122. | 9.0 |
2013-08-31 | CVE-2012-6601 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os | The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983. | 10.0 |