Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-04 | CVE-2017-14135 | OS Command Injection vulnerability in Dreambox Opendreambox 2.0 enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI. | 9.8 |
| 2017-09-04 | CVE-2017-14127 | OS Command Injection vulnerability in Technicolor Td5336 Firmware 7.0 Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. | 9.8 |
| 2017-09-03 | CVE-2017-14119 | OS Command Injection vulnerability in Eyesofnetwork 5.10 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. | 8.8 |
| 2017-09-03 | CVE-2017-14118 | OS Command Injection vulnerability in Eyesofnetwork 5.10 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | 8.8 |
| 2017-09-02 | CVE-2017-14100 | OS Command Injection vulnerability in Digium Asterisk In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. | 9.8 |
| 2017-08-31 | CVE-2015-5958 | OS Command Injection vulnerability in PHPfilemanager Project PHPfilemanager 0.9.8 phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | 8.8 |
| 2017-08-29 | CVE-2017-10951 | OS Command Injection vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. | 8.8 |
| 2017-08-29 | CVE-2017-10832 | OS Command Injection vulnerability in Nippon-Antenna Scr02Hd Firmware 1.0.3.1000 "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2017-08-28 | CVE-2016-0634 | OS Command Injection vulnerability in GNU Bash 4.3 The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | 7.5 |
| 2017-08-21 | CVE-2017-11366 | OS Command Injection vulnerability in Codiad components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | 9.8 |