Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-18 | CVE-2023-40072 | OS Command Injection vulnerability in Elecom Wab-S300 Firmware and Wab-S600-Ps Firmware | OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. | 8.8 |
2023-08-16 | CVE-2023-35893 | OS Command Injection vulnerability in IBM Security Guardium | IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
2023-08-14 | CVE-2023-33013 | OS Command Injection vulnerability in Zyxel Nbg6604 Firmware 1.01(Abir.1)C0 | A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | 8.8 |
2023-08-14 | CVE-2023-3267 | OS Command Injection vulnerability in Cyberpower Powerpanel Server | When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. | 8.8 |
2023-08-14 | CVE-2023-3260 | OS Command Injection vulnerability in multiple products | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. | 8.8 |
2023-08-14 | CVE-2023-3261 | OS Command Injection vulnerability in multiple products | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library. Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server. | 7.2 |
2023-08-09 | CVE-2022-48580 | OS Command Injection vulnerability in Sciencelogic SL1 | A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48581 | OS Command Injection vulnerability in Sciencelogic SL1 | A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48582 | OS Command Injection vulnerability in Sciencelogic SL1 | A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48583 | OS Command Injection vulnerability in Sciencelogic SL1 | A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. | 8.8 |