CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,041 vulnerabilities with CWE-78
CVE-2018-13316
CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via Subnet POST Parameter
CVSS 9.8
CVE-2018-13314
CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via ipAddr POST Parameter
CVSS 9.8
CVE-2018-13307
CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via NTP Server IP Parameter
CVSS 9.8
CVE-2018-13306
CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via ftpUser POST Parameter
CVSS 9.8
CVE-2018-13023
HIGH
Miwifi OS - OS Command Injection
CVSS 8.8
CVE-2018-16090
HIGH
Lenovo System Management Module Firmware < 1.06 - Authenticated OS Command Injection
CVSS 7.5
CVE-2018-16089
HIGH
Lenovo System Management Module Firmware < 1.06 - Authenticated OS Command Injection via Firmware Update Image Header
CVSS 7.5
CVE-2018-13320
HIGH
Buffalo TS5600D1206 Firmware 3.70-0.10 - OS Command Injection via adminUsername and adminPassword Parameters
CVSS 7.2
CVE-2018-13318
HIGH
Buffalo TS5600D1206 Firmware 3.61-0.10 - OS Command Injection via User.create Name Parameter
CVSS 7.2
CVE-2018-13311
CRITICAL
TOTOLINK A3002RU 1.0.8 - OS Command Injection via SambaUser POST Parameter
CVSS 9.8
CVE-2018-11077
MEDIUM
Dell EMC Avamar Server 7.2.0-7.5.1 and 18.1 - Authenticated OS Command Injection via getlogs Utility
CVSS 6.7
CVE-2018-18859
HIGH
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
CVSS 7.8
CVE-2018-18858
HIGH
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
CVSS 7.8
CVE-2018-18857
HIGH
LiquidVPN < 1.37 - Unauthenticated OS Command Injection via XPC Service
CVSS 7.8
CVE-2018-18856
HIGH
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
CVSS 7.8
CVE-2018-9086
HIGH
Lenovo ThinkServer RD340/RD440/RD640/TD340 Firmware - Authenticated OS Command Injection via BMC Firmware Download
CVSS 7.2
CVE-2018-0694
CRITICAL
FileZen 3.0.0-4.2.1 - Remote Code Execution
CVSS 9.8
CVE-2018-15711
HIGH
Nagios XI 5.5.6 - Authenticated Privilege Escalation via API Key Reset
CVSS 8.8
CVE-2018-15710
HIGH
Nagios XI 5.5.6 - Authenticated Privilege Escalation via Autodiscover_new.php
CVSS 7.8
CVE-2018-15709
HIGH
Nagios XI 5.5.6 - Authenticated OS Command Injection
CVSS 8.8
CVE-2018-19168
CRITICAL
FruityWifi <2.4 - Command Injection
CVSS 9.8
CVE-2018-19081
CRITICAL
Foscam Opticam i5 Firmware 1.5.2.11/2.21.1.128 - OS Command Injection via ONVIF SetDNS
CVSS 9.8
CVE-2018-19073
HIGH
Opticam i5 and Foscam C2 - OS Command Injection via ProductConfig.xml modelName
CVSS 7.2
CVE-2018-19070
HIGH
Opticam i5 Application Firmware 2.21.1.128 - OS Command Injection via CGIProxy.fcgi usrName Parameter
CVSS 7.2
CVE-2018-3890
MEDIUM
Yi Home Camera 27US 1.8.7.0D - OS Command Injection via Firmware Update
CVSS 6.8
Details
Vulnerabilities: 6,041
Exploit Likelihood: High