Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2022-43633 OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers.
low complexity
dlink CWE-78
6.8
2023-03-28 CVE-2023-27394 OS Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability.
network
low complexity
propumpservice CWE-78
critical
9.8
2023-03-28 CVE-2023-27886 OS Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability.
network
low complexity
propumpservice CWE-78
critical
9.8
2023-03-27 CVE-2018-25083 OS Command Injection vulnerability in Pull IT Project Pull IT
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.
network
low complexity
pull-it-project CWE-78
critical
9.8
2023-03-24 CVE-2022-28495 OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.
network
low complexity
totolink CWE-78
critical
9.8
2023-03-23 CVE-2022-28491 OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter.
network
low complexity
totolink CWE-78
critical
9.8
2023-03-23 CVE-2022-28494 OS Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter.
network
low complexity
totolink CWE-78
critical
9.8
2023-03-19 CVE-2023-28617 OS Command Injection vulnerability in GNU ORG Mode
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
local
low complexity
gnu CWE-78
7.8
2023-03-16 CVE-2023-25280 OS Command Injection vulnerability in Dlink Dir820La1 Firmware 105B03
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
network
low complexity
dlink CWE-78
critical
9.8
2023-03-14 CVE-2023-28343 OS Command Injection vulnerability in Apsystems Energy Communication Unit Firmware C1.2.5
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.
network
low complexity
apsystems CWE-78
critical
9.8