CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,041 vulnerabilities with CWE-78
CVE-2018-16408
HIGH
D-Link DIR-846 Firmware 100.26 - Authenticated Remote Code Execution via SetNetworkTomographySettings
CVSS 7.2
CVE-2018-16334
HIGH
Tenda AC10 Firmware < 15.03.06.23 and AC9 Firmware - OS Command Injection via MAC Parameter
CVSS 8.8
CVE-2018-15477
CRITICAL
myStrom WiFi Switch V1 < 2.66 - OS Command Injection via Cloud Parameter
CVSS 9.8
CVE-2018-11616
HIGH
Tencent Foxmail 7.2.9.115 - Remote Code Execution via URI Handler
CVSS 8.8
CVE-2018-14572
HIGH
conference-scheduler-cli < 0.10.1 - Remote Code Execution via Pickle Deserialization
CVSS 7.8
CVE-2018-15529
HIGH
Mutiny Monitoring Appliance < 6.1.0-5263 - Authenticated OS Command Injection via System Upgrade Filename
CVSS 8.8
CVE-2018-15887
HIGH
ASUS DSL-N12E_C1 1.1.2.3_345 - Authenticated Remote Command Execution via destIP Parameter
CVSS 8.8
CVE-2018-15877
HIGH
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
CVSS 8.8
CVE-2018-3786
CRITICAL
egg-scripts < 2.8.1 - OS Command Injection via Command Line Argument
CVSS 9.8
CVE-2018-15481
HIGH
UCOPIA Wireless Appliance Firmware 5.1.0-5.1.12 - Authenticated OS Command Injection via SSH LocalCommand
CVSS 8.8
CVE-2018-15553
HIGH
Telus Actiontec T2200H Firmware 31.128L.03 - OS Command Injection via smbdUserid or smbdPasswd Field
CVSS 8.8
CVE-2018-3785
CRITICAL
git-dummy-commit v1.3.0 - OS Command Injection via Unescaped Parameter
CVSS 9.8
CVE-2018-0427
HIGH
Cisco Application Policy Infrastructu... - Command Injection
CVSS 8.8
CVE-2018-15156
HIGH
OpenEMR <5.0.1.4 - Command Injection
CVSS 8.8
CVE-2018-15155
HIGH
OpenEMR <5.0.1.4 - Command Injection
CVSS 8.8
CVE-2018-15154
HIGH
OpenEMR <5.0.1.4 - Command Injection
CVSS 8.8
CVE-2018-15153
HIGH
OpenEMR <5.0.1.4 - Command Injection
CVSS 8.8
CVE-2018-3937
CRITICAL
Sony IPELA E Series Network Camera G5 Firmware 1.87.00 - OS Command Injection via measurementBitrateExec
CVSS 9.1
CVE-2018-14933
CRITICAL
KEV
NUUO NVRmini Firmware - Remote Command Execution via uploaddir Parameter
CVSS 9.8
CVE-2018-14417
CRITICAL
SoftNAS Cloud <4.0.3 - Command Injection
CVSS 9.8
CVE-2018-12483
HIGH
OCS Inventory 2.4.1 - Command Injection
CVSS 8.8
CVE-2018-10900
HIGH
Network Manager VPNC Username Privilege Escalation
CVSS 7.8
CVE-2018-10905
HIGH
CloudForms Management Engine - Privilege Escalation via dRuby Security Setting
CVSS 7.8
CVE-2018-0349
CRITICAL
Cisco SD-WAN Solution < 18.3.0 - Authenticated Arbitrary File Write via CLI request admin-tech Command
CVSS 9.8
CVE-2018-0348
HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated OS Command Injection via VPN Load Command
CVSS 7.2
Details
Vulnerabilities
6,041
Exploit Likelihood
High