CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,042 vulnerabilities with CWE-78
CVE-2018-11149 HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11148 HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11147 HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11146 HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11145 HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11144 HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11143 CRITICAL
Quest DR Series Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 9.8
CVE-2018-3757 CRITICAL
pdf-image < 2.0.0 - OS Command Injection via Unescaped String Parameter
CVSS 9.8
CVE-2018-3746 CRITICAL
pdfinfojs <= 0.3.6 - OS Command Injection
CVSS 9.8
CVE-2018-11139 HIGH
Quest KACE System Management Appliance 8.0.318 - Authenticated OS Command Injection via TEST_SERVER Parameter
CVSS 8.8
CVE-2018-11138 CRITICAL KEV
Quest KACE System Management Appliance 8.0.318 - Unauthenticated OS Command Injection via download_agent_installer.php
CVSS 9.8
CVE-2018-11132 HIGH
Quest KACE System Management Appliance 8.0.318 - Authenticated OS Command Injection via Message Queue
CVSS 8.8
CVE-2018-1242 MEDIUM
Dell EMC RecoverPoint < 5.1.2 and RecoverPoint for VMs < 5.1.1.3 - Authenticated OS Command Injection in Boxmgmt CLI
CVSS 6.5
CVE-2018-1235 CRITICAL
Dell EMC RecoverPoint < 5.1.2 and RecoverPoint for Virtual Machines < 5.1.1.3 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2018-10354 HIGH
Trend Micro Email Encryption Gateway 5.5 - Command Injection
CVSS 8.8
CVE-2018-4924 CRITICAL
Adobe Dreamweaver < 18.0 - OS Command Injection
CVSS 9.8
CVE-2018-4923 CRITICAL
Adobe Connect < 9.7 - OS Command Injection
CVSS 9.1
CVE-2018-10967 HIGH
D-Link DIR-550A and DIR-604M < 2.10KR - OS Command Injection
CVSS 8.8
CVE-2018-10730 CRITICAL
Phoenix Contact FL SWITCH 3xxx/4xxx/48xx Firmware < 1.33 - OS Command Injection
CVSS 9.1
CVE-2018-1111 HIGH
DHCP Client Command Injection (DynoRoot)
CVSS 7.5
CVE-2018-0324 MEDIUM
Cisco Enterprise NFV Infrastructure Software - Authenticated OS Command Injection via CLI Parameter
CVSS 6.7
CVE-2018-0279 HIGH
Cisco Enterprise NFV Infrastructure Software < 3.6.3 - Authenticated OS Command Injection via SCP Server
CVSS 8.8
CVE-2018-6021 HIGH
Silex SD-320AN < 2.01 and GEH-SD-320AN < GEH-1.1 - Remote Code Execution via System Call Parameter
CVSS 7.4
CVE-2018-8866 HIGH
Vecna VGo Robot < 3.0.3.52164 - Command Injection
CVSS 8.8
CVE-2018-1239 HIGH
Dell EMC Unity Operating Environment < 4.3.0.1522077968 - Authenticated OS Command Injection
CVSS 7.2