Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-30 | CVE-2022-44019 | OS Command Injection vulnerability in Totaljs Total.Js In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. | 8.8 |
| 2022-10-27 | CVE-2022-31898 | OS Command Injection vulnerability in Gl-Inet Gl-Ax1800 Firmware and Gl-Mt300N-V2 Firmware gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | 6.8 |
| 2022-10-27 | CVE-2022-42055 | OS Command Injection vulnerability in Gl-Inet Goodcloud 1.00.220412.00 Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | 6.5 |
| 2022-10-26 | CVE-2022-42999 | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05 D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. | 7.5 |
| 2022-10-25 | CVE-2022-29520 | OS Command Injection vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9Z An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. | 9.8 |
| 2022-10-25 | CVE-2022-29851 | OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | 9.8 |
| 2022-10-25 | CVE-2022-30541 | OS Command Injection vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. | 9.8 |
| 2022-10-25 | CVE-2022-32765 | OS Command Injection vulnerability in Robustel R1510 Firmware 3.1.16/3.3.0 An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. | 9.8 |
| 2022-10-25 | CVE-2022-33206 | OS Command Injection vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. | 9.9 |
| 2022-10-25 | CVE-2022-35132 | OS Command Injection vulnerability in Webmin Usermin Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. | 8.8 |