CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,041 vulnerabilities with CWE-78
CVE-2018-13316 CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via Subnet POST Parameter
CVSS 9.8
CVE-2018-13314 CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via ipAddr POST Parameter
CVSS 9.8
CVE-2018-13307 CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via NTP Server IP Parameter
CVSS 9.8
CVE-2018-13306 CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via ftpUser POST Parameter
CVSS 9.8
CVE-2018-13023 HIGH
Miwifi OS - OS Command Injection
CVSS 8.8
CVE-2018-16090 HIGH
Lenovo System Management Module Firmware < 1.06 - Authenticated OS Command Injection
CVSS 7.5
CVE-2018-16089 HIGH
Lenovo System Management Module Firmware < 1.06 - Authenticated OS Command Injection via Firmware Update Image Header
CVSS 7.5
CVE-2018-13320 HIGH
Buffalo TS5600D1206 Firmware 3.70-0.10 - OS Command Injection via adminUsername and adminPassword Parameters
CVSS 7.2
CVE-2018-13318 HIGH
Buffalo TS5600D1206 Firmware 3.61-0.10 - OS Command Injection via User.create Name Parameter
CVSS 7.2
CVE-2018-13311 CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via SambaUser POST Parameter
CVSS 9.8
CVE-2018-11077 MEDIUM
Dell EMC Avamar Server 7.2.0-7.5.1 and 18.1 - Authenticated OS Command Injection via getlogs Utility
CVSS 6.7
CVE-2018-18859 HIGH
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
CVSS 7.8
CVE-2018-18858 HIGH
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
CVSS 7.8
CVE-2018-18857 HIGH
LiquidVPN < 1.37 - Unauthenticated OS Command Injection via XPC Service
CVSS 7.8
CVE-2018-18856 HIGH
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
CVSS 7.8
CVE-2018-9086 HIGH
Lenovo ThinkServer RD340/RD440/RD640/TD340 Firmware - Authenticated OS Command Injection via BMC Firmware Download
CVSS 7.2
CVE-2018-0694 CRITICAL
FileZen 3.0.0-4.2.1 - Remote Code Execution
CVSS 9.8
CVE-2018-15711 HIGH
Nagios XI 5.5.6 - Authenticated Privilege Escalation via API Key Reset
CVSS 8.8
CVE-2018-15710 HIGH
Nagios XI 5.5.6 - Authenticated Privilege Escalation via Autodiscover_new.php
CVSS 7.8
CVE-2018-15709 HIGH
Nagios XI 5.5.6 - Authenticated OS Command Injection
CVSS 8.8
CVE-2018-19168 CRITICAL
FruityWifi <2.4 - Command Injection
CVSS 9.8
CVE-2018-19081 CRITICAL
Foscam Opticam i5 Firmware 1.5.2.11/2.21.1.128 - OS Command Injection via ONVIF SetDNS
CVSS 9.8
CVE-2018-19073 HIGH
Opticam i5 and Foscam C2 - OS Command Injection via ProductConfig.xml modelName
CVSS 7.2
CVE-2018-19070 HIGH
Opticam i5 Application Firmware 2.21.1.128 - OS Command Injection via CGIProxy.fcgi usrName Parameter
CVSS 7.2
CVE-2018-3890 MEDIUM
Yi Home Camera 27US 1.8.7.0D - OS Command Injection via Firmware Update
CVSS 6.8