CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,041 vulnerabilities with CWE-78
CVE-2018-19907
HIGH
Crafter CMS 3.0.18 - Command Injection
CVSS 8.8
CVE-2018-12317
HIGH
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 8.8
CVE-2018-12316
HIGH
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 8.8
CVE-2018-12313
CRITICAL
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 9.8
CVE-2018-12312
HIGH
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 8.8
CVE-2018-12307
HIGH
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 8.8
CVE-2018-4021
HIGH
Netgate pfSense CE 2.4.4-RELEASE - Authenticated OS Command Injection via powerd_battery_mode POST Parameter
CVSS 7.2
CVE-2018-4020
HIGH
Netgate pfSense CE 2.4.4-RELEASE - Authenticated OS Command Injection via powerd_ac_mode POST Parameter
CVSS 7.2
CVE-2018-4019
HIGH
Netgate pfSense CE 2.4.4-RELEASE - Authenticated OS Command Injection via powerd_normal_mode Parameter
CVSS 7.2
CVE-2018-14706
CRITICAL
Drobo 5N2 NAS <4.0.5-13.28.96115 - Command Injection
CVSS 9.8
CVE-2018-14701
CRITICAL
Drobo 5N2 NAS <4.0.5-13.28.96115 - Command Injection
CVSS 9.8
CVE-2018-14699
CRITICAL
Drobo 5N2 NAS <4.0.5-13.28.96115 - Command Injection
CVSS 9.8
CVE-2018-16863
HIGH
Ghostscript 9.07 - Remote Code Execution via PostScript Document
CVSS 7.3
CVE-2018-15716
HIGH
NUUO NVRMini2 3.9.1 - Authenticated Remote Command Injection via upgrade_handle.php
CVSS 8.8
CVE-2018-19290
CRITICAL
Budabot 0.6-4.0 - Remote Code Execution via HELPBOT_MODULE Command Injection
CVSS 9.8
CVE-2018-19646
CRITICAL
Imperva SecureSphere <13.2.10 - Command Injection
CVSS 9.8
CVE-2018-13418
HIGH
TerraMaster TOS 3.1.03 - OS Command Injection via ajaxdata.php newname Parameter
CVSS 8.8
CVE-2018-13358
HIGH
TerraMaster TOS 3.1.03 - OS Command Injection via ajaxdata.php checkName Parameter
CVSS 8.8
CVE-2018-13354
CRITICAL
TerraMaster TOS 3.1.03 - OS Command Injection via Event Parameter
CVSS 9.8
CVE-2018-13353
HIGH
TerraMaster TOS 3.1.03 - OS Command Injection via ajaxdata.php checkport Parameter
CVSS 8.8
CVE-2018-13338
CRITICAL
TerraMaster TOS 3.1.03 - OS Command Injection via Username Parameter
CVSS 9.8
CVE-2018-13336
CRITICAL
TerraMaster TOS 3.1.03 - OS Command Injection via ajaxdata.php pwd Parameter
CVSS 9.8
CVE-2018-13330
HIGH
TerraMaster TOS 3.1.03 - OS Command Injection via Group Creation Groupname Parameter
CVSS 7.2
CVE-2018-16130
HIGH
Miwifi OS - OS Command Injection
CVSS 8.8
CVE-2018-14893
HIGH
ZyXEL NSA325 V2 <4.81 - Command Injection
CVSS 8.8
Details
Vulnerabilities
6,041
Exploit Likelihood
High