CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,575 vulnerabilities with CWE-77
CVE-2014-3741 CRITICAL
node-printer < 0.0.1 - OS Command Injection via lpr Command
CVSS 9.8
CVE-2014-9118 HIGH
Zhone zNID GPON 2426A <S3.0.501 - RCE
CVSS 8.8
CVE-2014-8903 HIGH
IBM Curam Social Program Management <6.0.4.5iFix10 - RCE
CVSS 8.8
CVE-2014-9114 HIGH
util-linux <2.26rc-1 - RCE
CVSS 7.8
CVE-2014-5009 CRITICAL
snoopy - Remote Command Execution
CVSS 9.8
CVE-2014-5008 CRITICAL
snoopy - Remote Command Execution
CVSS 9.8
CVE-2014-4677 HIGH
GPG Suite <2015.06 - Command Injection
CVSS 7.8
CVE-2014-9682
dns-sync <0.1.1 - Command Injection
CVE-2014-8630
Bugzilla <4.0.16, <4.2.12, <4.4.7, <5.0rc1 - Command Injection
CVE-2014-9622
xdg-utils 1.1.0 RC1 - Code Injection
CVE-2014-7209
run-mailcap <3.52-1+deb7u1 - Command Injection
CVE-2014-9277
MediaWiki <1.19.22, 1.20.x-1.22.x<1.22.14, 1.23.x<1.23.7 - Code Inj...
CVE-2014-3556
F5 NGINX 1.5.6-1.6.0 - Plaintext Command Injection via STARTTLS SMTP Proxy
CVE-2014-1905
WordPress VideoWhisper Live Streaming Integration <4.29.5 - RCE
CVE-2014-9188
Schneider Electric ProClima <6.1.7 - Buffer Overflow
CVE-2014-7208
GParted <0.15.0 - Command Injection
CVE-2014-7285
Symantec Web Gateway <5.2.2 - Command Injection
CVE-2014-6260
Zenoss Core < 5.0.0 - Unauthenticated Remote Code Execution via Pager Command String
CVE-2014-8515
BitTorrent - Remote Command Execution via Web Interface
CVE-2014-8990
Lsyncd <2.1.5 - Command Injection
CVE-2014-9144
Technicolor Router TD5130 <2.05.C29GV - RCE
CVE-2014-8517
macOS X - Remote Command Execution via HTTP Redirect Pipe Character
CVE-2014-3524
Apache OpenOffice < 4.1.1 - Remote Code Execution via Crafted Calc Spreadsheet
CVE-2014-4336
cups-filters <1.0.53 - Command Injection
CVE-2014-0773
Advantech WebAccess < 7.1 - OS Command Injection via CreateProcess Method
Details
Vulnerabilities 3,575
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits