CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,575 vulnerabilities with CWE-77
CVE-2013-2513
CRITICAL
flash_tool <0.6.0 - Command Injection
CVSS 9.8
CVE-2013-7471
CRITICAL
D-Link DIR-300, DIR-600 < 2.17b01, DIR-645 < 1.04b11, DIR-845 < 1.02b03, DIR-865 - OS Command Injection
CVSS 9.8
CVE-2013-2516
HIGH
fileutils < 0.7 - Command Injection via URL Variable
CVSS 8.8
CVE-2013-7377
HIGH
codem-transcode < 0.5.0 - Remote Code Execution via /probe POST Request
CVSS 8.1
CVE-2013-6924
CRITICAL
Seagate BlackArmor NAS 220 Firmware sg2000-2000.1331 - Remote Command Execution via backupmgt/getAlias.php ip Parameter
CVSS 9.8
CVE-2013-7418
IPCop < 2.1.5 - Authenticated Remote Code Execution via iptablesgui.cgi TABLE Parameter
CVE-2013-4663
redmine_git_hosting_plugin - Remote Command Execution via Shell Metacharacters in Service Parameter or Reqfile Argument
CVE-2013-2810
Emerson ROC800 RTU < 3.50, DL8000 RTU < 2.30, ROC800L RTU < 1.20 - Remote Code Execution via TCP Replay Attack
CVE-2013-7416
Canto Curses <0.9.0 - Command Injection
CVE-2012-4086
Cisco Unified Computing System - Remote Command Execution via Fabric Interconnect Setup Script
CVE-2012-1823
CRITICAL
KEV
PHP < 5.3.12 and 5.4.x < 5.4.2 - Remote Code Execution via CGI Query String
CVSS 9.8
CVE-2011-4182
HIGH
SUSE Linux Enterprise <0.83.7-2.1 - RCE
CVSS 7.3
CVE-2010-5330
CRITICAL
KEV
Ubiquiti AirOS < 4.0.1 - Command Injection via stainfo.cgi ifname Parameter
CVSS 9.8
CVE-2010-4345
HIGH
KEV
Exim4 string_format Function Heap Buffer Overflow
CVSS 7.8
CVE-2010-2008
MySQL < 5.1.48 - Authenticated Denial of Service via ALTER DATABASE Command
CVE-2010-0136
OpenOffice.org 2.0.4, 2.4.1, and 3.1.1 - Remote Code Execution via Crafted Document
CVE-2009-5157
HIGH
Linksys WAG54G2 1.00.10 - Authenticated Command Injection via setup.cgi c4_ping_ipaddr Variable
CVSS 8.8
CVE-2009-5156
CRITICAL
ASMAX AR-804gu 66.34.1 - OS Command Injection via cgi-bin/script Query String
CVSS 9.8
CVE-2008-7319
CRITICAL
Net::Ping::External <0.15 - Command Injection
CVSS 9.8
CVE-2008-7315
CRITICAL
UI-Dialog <1.09 - Remote Code Execution
CVSS 9.8
CVE-2008-7313
CRITICAL
snoopy < 4.2.3 - Remote Command Execution via _httpsrequest Function
CVSS 9.8
CVE-2007-3010
CRITICAL
KEV
Alcatel OmniPCX Enterprise < 7.1 - Remote Command Execution via Unified Maintenance Tool
CVSS 9.8
CVE-2005-2773
CRITICAL
KEV
HP OpenView Network Node Manager <7.50 - RCE
CVSS 9.8
CVE-2005-2793
phpLDAPadmin 0.9.6-0.9.7 - Remote File Inclusion via Custom Welcome Page Parameter
CVE-1999-0039
HIGH
SGI IRIX - Remote Command Execution via webdist.cgi distloc Parameter
CVSS 7.3
Details
Vulnerabilities: 3,575
Exploit Likelihood: High