Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-10-18 | CVE-2024-10118 | | SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. | network | low | | CWE-78 | critical 9.8 |
| 2024-10-17 | CVE-2005-10003 | OS Command Injection vulnerability in Mikexstudios Xcomic | A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. | network | low | mikexstudios | CWE-78 | critical 9.8 |
| 2024-10-16 | CVE-2024-20458 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware | A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. | network | low | cisco | CWE-78 | 8.2 |
| 2024-10-16 | CVE-2024-20459 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware | A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. | network | low | cisco | CWE-78 | 7.2 |
| 2024-10-16 | CVE-2024-20461 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware | A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. | local | low | cisco | CWE-78 | 6.0 |
| 2024-10-13 | CVE-2024-9916 | OS Command Injection vulnerability in Usualtool Usualtoolcms 9.0 | A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. | network | low | usualtool | CWE-78 | critical 9.8 |
| 2024-10-10 | CVE-2024-9793 | OS Command Injection vulnerability in Tenda Ac1206 Firmware 15.03.06.23 | A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. | network | low | tenda | CWE-78 | critical 9.8 |
| 2024-10-09 | CVE-2024-9463 | OS Command Injection vulnerability in Paloaltonetworks Expedition | An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | network | low | paloaltonetworks | CWE-78 | 7.5 |
| 2024-10-09 | CVE-2024-9464 | OS Command Injection vulnerability in Paloaltonetworks Expedition | An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | network | low | paloaltonetworks | CWE-78 | 6.5 |
| 2024-10-08 | CVE-2024-9380 | OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | network | low | ivanti | CWE-78 | 7.2 |