CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,041 vulnerabilities with CWE-78
CVE-2018-17565 CRITICAL
Grandstream GXP16xx VoIP <1.0.4.128 - Command Injection
CVSS 9.8
CVE-2018-5757 HIGH
AudioCodes 450HD IP Phone <3.0.0.535.106 - RCE
CVSS 8.8
CVE-2018-13285 HIGH
Synology Router Manager 1.1-1.1.7-6941-1 - Authenticated OS Command Injection via MKD or RMD Command
CVSS 7.5
CVE-2018-13284 HIGH
Synology DiskStation Manager < 6.2-23739-1 - Authenticated OS Command Injection via MKD or RMD FTP Commands
CVSS 7.5
CVE-2018-3969 HIGH
CUJO Smart Firewall - Persistent OS Command Injection via dhcpd.conf
CVSS 7.8
CVE-2018-20323 HIGH
MailCleaner Community Edition 2018.08 - Remote Code Execution via Logs.php
CVSS 8.8
CVE-2018-20218 CRITICAL
Teracue ENC-400 <2.56 - Command Injection
CVSS 9.8
CVE-2018-20106 MEDIUM
yast2-printer <4.0.2 - Code Injection
CVSS 6.5
CVE-2018-1998 HIGH
IBM WebSphere MQ <9.1.1 - Privilege Escalation
CVSS 8.8
CVE-2018-19639 MEDIUM
supportutils < 3.1-5.7.1 - OS Command Injection via Manipulated RPM Listing
CVSS 6.7
CVE-2018-20122 CRITICAL
FASTGate Fastweb <0.00.47_FW_200_Askey 2017-05-17 - Command Injection
CVSS 9.8
CVE-2018-15380 HIGH
Cisco HyperFlex Software - Privilege Escalation
CVSS 8.8
CVE-2018-19015 HIGH
CX-Supervisor < 3.42 - OS Command Injection via Project File
CVSS 7.3
CVE-2018-12237 HIGH
Symantec Reporter CLI <10.1.5.6, <10.2.1.8 - Command Injection
CVSS 7.2
CVE-2018-17707 HIGH
Epic Games Launcher < 8.2.2 - Remote Code Execution via com.epicgames.launcher Protocol Handler
CVSS 8.8
CVE-2018-6444 CRITICAL
Brocade Network Advisor < 14.1.0 - Unauthenticated Remote Code Execution and OS Command Injection
CVSS 9.8
CVE-2018-20727 HIGH
NeDi < 1.7Cp3 - Authenticated OS Command Injection via flt/dv/tit Parameters
CVSS 8.8
CVE-2018-16200 HIGH
Toshiba HEM-GW16A and HEM-GW26A < 1.2.9 - OS Command Injection
CVSS 8.8
CVE-2018-16195 HIGH
Aterm WF1200CR Firmware < 1.1.1 and Aterm WG1200CR Firmware < 1.0.1 - OS Command Injection via SOAP Interface of UPnP
CVSS 8.8
CVE-2018-16194 HIGH
Aterm WF1200CR Firmware < 1.1.1 and Aterm WG1200CR Firmware < 1.0.1 - Authenticated OS Command Injection
CVSS 7.2
CVE-2018-16184 CRITICAL
RICOH Interactive Whiteboard D2200/D5500/D5510/D5520/D6500/D6510/D7500/D8400 1.6-2.2 - OS Command Injection
CVSS 9.8
CVE-2018-16167 CRITICAL
LogonTracer < 1.2.0 - OS Command Injection
CVSS 9.8
CVE-2018-0677 MEDIUM
BN-SDWBP3 Firmware <= 1.0.9 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-0639 HIGH
Aterm HC100RC Firmware < 1.0.1 - Authenticated OS Command Injection via tools_firmware.cgi Parameters
CVSS 7.2
CVE-2018-0638 HIGH
Aterm HC100RC Firmware < 1.0.1 - Authenticated OS Command Injection via import.cgi encKey Parameter
CVSS 7.2