CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,575 vulnerabilities with CWE-77
CVE-2015-1949
IBM Tivoli Storage Manager FastBack 6.1 - Remote Command Execution
CVE-2015-1938
IBM Tivoli Storage Manager FastBack 6.1 - Remote Command Execution
CVE-2015-4336
XCloner 3.1.2 - Authenticated Command Injection via Backup Comments Feature
CVE-2015-3408
Module::Signature < 0.74 - Remote Code Execution via Crafted SIGNATURE File
CVE-2015-0538
EMC AutoStart < 5.5.0 - Remote Code Execution via Crafted Packets
CVE-2015-2846
BitTorrent Sync - Remote Code Execution via Crafted btsync Link
CVE-2015-0225
Apache Cassandra 1.2.0-1.2.19, 2.0.0-2.0.13, 2.1.0-2.1.3 - Unauthenticated Remote Code Execution via JMX/RMI Interface
CVE-2015-1815
setroubleshoot < 3.2.22 - Remote Code Execution via Filename Shell Metacharacters
CVE-2015-2746
Websense TRITON 7.8.3 and V-Series < 7.8.4 - Authenticated Command Injection via CommandLineServlet
CVE-2015-2265
Canonical Ubuntu Linux < 1.0.65 - Command Injection
CVE-2015-0778
Fedora < 0.150 - Command Injection
CVE-2015-2208
phpMoAdmin 1.1.2 - Remote Code Execution via Object Parameter
CVE-2015-0934
ShareLaTeX < 0.1.2 - Authenticated Remote Code Execution via Backtick in Filename
CVE-2015-2051 HIGH KEV
D-Link DIR-645 Firmware < 1.05b01 - Remote Code Execution via HNAP GetDeviceSettings Action
CVSS 8.8
CVE-2014-5470 CRITICAL
Actual Analyzer <2014-08-29 - Code Injection
CVSS 9.8
CVE-2014-4982 CRITICAL
LPAR2RRD <4.53,3.5 - Command Injection
CVSS 9.8
CVE-2014-10075 CRITICAL
karo 2.3.8 - Remote Command Injection via Host Field
CVSS 9.8
CVE-2014-5220 HIGH
Opensuse < 3.3.3 - Command Injection
CVSS 7.8
CVE-2014-5014 CRITICAL
WordPress Flash Uploader < 3.1.3 - Remote Code Execution via image_magic_path Parameter
CVSS 9.8
CVE-2014-8888 CRITICAL
D-Link DIR-815 <2.03.B02 - Command Injection
CVSS 9.8
CVE-2014-6120 CRITICAL
IBM Security AppScan Source Remote Command Execution
CVSS 9.8
CVE-2014-6633 HIGH
Tryton <2.4.15, <2.6.14, <2.8.11, <3.0.7, <3.2.3 - Command Injection
CVSS 8.8
CVE-2014-3114 CRITICAL
ezpz-one-click-backup < 12.03.10 - Remote Code Execution via cmd Parameter
CVSS 9.8
CVE-2014-1834 HIGH
echor 0.1.6 - OS Command Injection via Username or Password Parameter
CVSS 7.8
CVE-2014-1203 CRITICAL
Eyou Mail System < 3.6 - Remote Command Execution via Domain Parameter
CVSS 9.8