Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-15 | CVE-2017-17405 | OS Command Injection vulnerability in multiple products: Ruby before 2.4.3 allows Net::FTP command injection. | 8.8 |
2017-12-08 | CVE-2017-16921 | OS Command Injection vulnerability in multiple products: In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. | 8.8 |
2017-12-07 | CVE-2017-17458 | OS Command Injection vulnerability in multiple products: In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. | 9.8 |
2017-12-07 | CVE-2017-17055 | OS Command Injection vulnerability in Articatech Artica Proxy: Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. | 9.0 |
2017-12-05 | CVE-2016-1253 | OS Command Injection vulnerability in Debian Most 5.0.0A2.2: The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file. | 9.8 |
2017-12-01 | CVE-2017-10902 | OS Command Injection vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012: PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
2017-11-27 | CVE-2017-1000159 | OS Command Injection vulnerability in Gnome Evince: Command injection in evince via filename when printing to PDF. | 7.8 |
2017-11-27 | CVE-2017-1000214 | OS Command Injection vulnerability in Gitphp Project Gitphp: GitPHP by xiphux is vulnerable to OS Command Injections. | 9.8 |
2017-11-27 | CVE-2017-16960 | OS Command Injection vulnerability in Tp-Link products: TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd. | 8.8 |
2017-11-27 | CVE-2017-16958 | OS Command Injection vulnerability in Tp-Link products: TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd. | 8.8 |