CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,575 vulnerabilities with CWE-77
CVE-2015-8969 CRITICAL
git-fastclone < 1.0.5 - Command Injection via Shell Command Arguments
CVSS 9.8
CVE-2015-8968 HIGH
git-fastclone < 1.0.1 - Remote Code Execution via .gitmodules
CVSS 8.8
CVE-2015-0857 CRITICAL
tardiff - Remote Command Execution via Shell Metacharacters in Tar File Name
CVSS 9.8
CVE-2015-5349 HIGH
Apache LDAP Studio/Apache Directory Studio <2.0.0-M10 - Command Inj...
CVSS 7.8
CVE-2015-7541 CRITICAL
colorscore < 0.0.5 - OS Command Injection via Histogram Image Path
CVSS 10.0
CVE-2015-5003 HIGH
IBM Tivoli Monitoring 6.2.2-6.2.2 FP9, 6.2.3-6.2.3 FP5, 6.3.0 < FP7 - Command Injection via Take Action View
CVSS 8.5
CVE-2015-6613
Android < 5.1.1 LMY48X and 6.0 < 2015-11-01 - Command Injection via Bluetooth Debugging Port
CVE-2015-5011
IBM WebSphere Message Broker 8 & Integration Bus 9 - Unauthenticated Command Execution
CVE-2015-4974
IBM General Parallel File System 3.5.x < 3.5.0.27 and 4.1.x < 4.1.1.2 - Local Privilege Escalation
CVE-2015-7839
SolarWinds Log and Event Manager - Remote Command Execution via Traceroute Functionality
CVE-2015-4930
IBM QRadar SIEM 7.1 MR2-7.2.x - Authenticated Remote Command Execution with Root Privileges
CVE-2015-2011
IBM QRadar SIEM 7.1 MR2-7.2.x - Authenticated Remote Code Execution via xmlrpc.cgi
CVE-2015-5082
Endian Firewall < 2.5.1 - Remote Command Execution via Password Change Parameters
CVE-2015-6547
Symantec Web Gateway < 5.2.2 - Authenticated Remote Code Execution
CVE-2015-5274
Red Hat OpenShift 2.2 - Command Injection
CVE-2015-6912
Synology Video Station < 1.5-0757 - Remote Command Execution via Subtitle Codepage Parameter
CVE-2015-5190
Pacemaker/PCS < 0.9.139 - Authenticated Remote Code Execution via URL Escape Characters
CVE-2015-5474
BitTorrent/utorrent - Command Injection
CVE-2015-5080
Citrix NetScaler ADC/Gateway <10.1.132.8/<10.5 Build 56.15/<10.5.e Build 56.1505.e - Authenticated Command Injection
CVE-2015-1561
Centreon <2.5.4 - Command Injection
CVE-2015-5453
Watchguard XCS <10.0 - Command Injection
CVE-2015-4525
EMC Isilon OneFS 6.5.x.x-7.1.1.x - Authenticated Remote Code Execution via Log-Gather
CVE-2015-3716
macOS < 10.10.3 - Remote Code Execution via Crafted Photo File Name
CVE-2015-3678
Apple OS X <10.10.4 - Privilege Escalation/DoS
CVE-2015-1986
IBM Tivoli Storage Manager FastBack 6.1 - Remote Command Execution