CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,041 vulnerabilities with CWE-78
CVE-2018-17565
CRITICAL
Grandstream GXP16xx VoIP <1.0.4.128 - Command Injection
CVSS 9.8
CVE-2018-5757
HIGH
AudioCodes 450HD IP Phone <3.0.0.535.106 - RCE
CVSS 8.8
CVE-2018-13285
HIGH
Synology Router Manager 1.1-1.1.7-6941-1 - Authenticated OS Command Injection via MKD or RMD Command
CVSS 7.5
CVE-2018-13284
HIGH
Synology DiskStation Manager < 6.2-23739-1 - Authenticated OS Command Injection via MKD or RMD FTP Commands
CVSS 7.5
CVE-2018-3969
HIGH
CUJO Smart Firewall - Persistent OS Command Injection via dhcpd.conf
CVSS 7.8
CVE-2018-20323
HIGH
MailCleaner Community Edition 2018.08 - Remote Code Execution via Logs.php
CVSS 8.8
CVE-2018-20218
CRITICAL
Teracue ENC-400 <2.56 - Command Injection
CVSS 9.8
CVE-2018-20106
MEDIUM
yast2-printer <4.0.2 - Code Injection
CVSS 6.5
CVE-2018-1998
HIGH
IBM WebSphere MQ <9.1.1 - Privilege Escalation
CVSS 8.8
CVE-2018-19639
MEDIUM
supportutils < 3.1-5.7.1 - OS Command Injection via Manipulated RPM Listing
CVSS 6.7
CVE-2018-20122
CRITICAL
FASTGate Fastweb <0.00.47_FW_200_Askey 2017-05-17 - Command Injection
CVSS 9.8
CVE-2018-15380
HIGH
Cisco HyperFlex Software - Privilege Escalation
CVSS 8.8
CVE-2018-19015
HIGH
CX-Supervisor < 3.42 - OS Command Injection via Project File
CVSS 7.3
CVE-2018-12237
HIGH
Symantec Reporter CLI <10.1.5.6, <10.2.1.8 - Command Injection
CVSS 7.2
CVE-2018-17707
HIGH
Epic Games Launcher < 8.2.2 - Remote Code Execution via com.epicgames.launcher Protocol Handler
CVSS 8.8
CVE-2018-6444
CRITICAL
Brocade Network Advisor < 14.1.0 - Unauthenticated Remote Code Execution and OS Command Injection
CVSS 9.8
CVE-2018-20727
HIGH
NeDi < 1.7Cp3 - Authenticated OS Command Injection via flt/dv/tit Parameters
CVSS 8.8
CVE-2018-16200
HIGH
Toshiba HEM-GW16A and HEM-GW26A < 1.2.9 - OS Command Injection
CVSS 8.8
CVE-2018-16195
HIGH
Aterm WF1200CR Firmware < 1.1.1 and Aterm WG1200CR Firmware < 1.0.1 - OS Command Injection via SOAP Interface of UPnP
CVSS 8.8
CVE-2018-16194
HIGH
Aterm WF1200CR Firmware < 1.1.1 and Aterm WG1200CR Firmware < 1.0.1 - Authenticated OS Command Injection
CVSS 7.2
CVE-2018-16184
CRITICAL
RICOH Interactive Whiteboard D2200/D5500/D5510/D5520/D6500/D6510/D7500/D8400 1.6-2.2 - OS Command Injection
CVSS 9.8
CVE-2018-16167
CRITICAL
LogonTracer < 1.2.0 - OS Command Injection
CVSS 9.8
CVE-2018-0677
MEDIUM
BN-SDWBP3 Firmware <= 1.0.9 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-0639
HIGH
Aterm HC100RC Firmware < 1.0.1 - Authenticated OS Command Injection via tools_firmware.cgi Parameters
CVSS 7.2
CVE-2018-0638
HIGH
Aterm HC100RC Firmware < 1.0.1 - Authenticated OS Command Injection via import.cgi encKey Parameter
CVSS 7.2