CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,042 vulnerabilities with CWE-78
CVE-2018-11149
HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11148
HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11147
HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11146
HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11145
HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11144
HIGH
Quest Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 8.8
CVE-2018-11143
CRITICAL
Quest DR Series Disk Backup < 4.0.3.1 - OS Command Injection
CVSS 9.8
CVE-2018-3757
CRITICAL
pdf-image < 2.0.0 - OS Command Injection via Unescaped String Parameter
CVSS 9.8
CVE-2018-3746
CRITICAL
pdfinfojs <= 0.3.6 - OS Command Injection
CVSS 9.8
CVE-2018-11139
HIGH
Quest KACE System Management Appliance 8.0.318 - Authenticated OS Command Injection via TEST_SERVER Parameter
CVSS 8.8
CVE-2018-11138
CRITICAL
KEV
Quest KACE System Management Appliance 8.0.318 - Unauthenticated OS Command Injection via download_agent_installer.php
CVSS 9.8
CVE-2018-11132
HIGH
Quest KACE System Management Appliance 8.0.318 - Authenticated OS Command Injection via Message Queue
CVSS 8.8
CVE-2018-1242
MEDIUM
Dell EMC RecoverPoint < 5.1.2 and RecoverPoint for VMs < 5.1.1.3 - Authenticated OS Command Injection in Boxmgmt CLI
CVSS 6.5
CVE-2018-1235
CRITICAL
Dell EMC RecoverPoint < 5.1.2 and RecoverPoint for Virtual Machines < 5.1.1.3 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2018-10354
HIGH
Trend Micro Email Encryption Gateway 5.5 - Command Injection
CVSS 8.8
CVE-2018-4924
CRITICAL
Adobe Dreamweaver < 18.0 - OS Command Injection
CVSS 9.8
CVE-2018-4923
CRITICAL
Adobe Connect < 9.7 - OS Command Injection
CVSS 9.1
CVE-2018-10967
HIGH
D-Link DIR-550A and DIR-604M < 2.10KR - OS Command Injection
CVSS 8.8
CVE-2018-10730
CRITICAL
Phoenix Contact FL SWITCH 3xxx/4xxx/48xx Firmware < 1.33 - OS Command Injection
CVSS 9.1
CVE-2018-1111
HIGH
DHCP Client Command Injection (DynoRoot)
CVSS 7.5
CVE-2018-0324
MEDIUM
Cisco Enterprise NFV Infrastructure Software - Authenticated OS Command Injection via CLI Parameter
CVSS 6.7
CVE-2018-0279
HIGH
Cisco Enterprise NFV Infrastructure Software < 3.6.3 - Authenticated OS Command Injection via SCP Server
CVSS 8.8
CVE-2018-6021
HIGH
Silex SD-320AN < 2.01 and GEH-SD-320AN < GEH-1.1 - Remote Code Execution via System Call Parameter
CVSS 7.4
CVE-2018-8866
HIGH
Vecna VGo Robot <3.0.3.52164 - Command Injection
CVSS 8.8
CVE-2018-1239
HIGH
Dell EMC Unity Operating Environment < 4.3.0.1522077968 - Authenticated OS Command Injection
CVSS 7.2
Details
Vulnerabilities
6,042
Exploit Likelihood
High