CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,042 vulnerabilities with CWE-78
CVE-2018-0221 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Configuration Commands
CVSS 6.7
CVE-2018-0217 MEDIUM
Cisco ASR 5000 Series Firmware - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2018-0214 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Command Input
CVSS 5.3
CVE-2018-1000118 HIGH
GitHub Electron <1.8.2.4 - Command Injection
CVSS 8.8
CVE-2018-6530 CRITICAL KEV
D-Link DIR-860L/865L/868L/880L Firmware - OS Command Injection via SOAP.cgi Service Parameter
CVSS 9.8
CVE-2018-7664 CRITICAL
ClipBucket < 4.0.0 - OS Command Injection via file_name Parameter
CVSS 9.8
CVE-2018-1169 HIGH
Amazon Music Player 6.1.5.1213 - RCE
CVSS 8.8
CVE-2018-7448 HIGH
CMS Made Simple 2.1.6 - Remote Code Execution via Timezone Parameter in Installation
CVSS 7.5
CVE-2018-7440 CRITICAL
leptonica < 1.75.3 - OS Command Injection via gplot rootname Argument
CVSS 9.8
CVE-2018-7046 HIGH
Kentico Xperience 9.0-11.0 - Authenticated Remote Code Execution via Template Layout C# Code Injection
CVSS 7.2
CVE-2018-7187 HIGH
Go < 1.9.5 - OS Command Injection
CVSS 8.8
CVE-2018-6911 CRITICAL
Advantech WebAccess 8.3.0 - Remote Code Execution via VBWinExec Command Parameter
CVSS 9.8
CVE-2018-6926 HIGH
MISP 2.4.87 - Authenticated OS Command Injection via Server Setting Path Override
CVSS 7.2
CVE-2018-1000043 CRITICAL
Security Onion Solutions Squert <1.6.7 - OS Command Injection
CVSS 9.8
CVE-2018-1000042 CRITICAL
Security Onion Solutions Squert <1.6.7 - OS Command Injection
CVSS 9.8
CVE-2018-1000019 HIGH
OpenEMR 5.0.0 - Authenticated OS Command Injection via fax_dispatch.php
CVSS 8.8
CVE-2018-0514 CRITICAL
MP Form Mail CGI eCommerce Edition < 2.0.13 - OS Command Injection
CVSS 9.8
CVE-2018-0512 MEDIUM
Iodata Hdl-xr Firmware < 2.01 - OS Command Injection
CVSS 6.8
CVE-2018-0122 MEDIUM
Cisco StarOS - Authenticated Arbitrary File Write via CLI Command Injection
CVSS 4.4
CVE-2018-6791 MEDIUM
KDE Plasma Workspace < 5.12.0 - OS Command Injection via vfat Thumbdrive Volume Label
CVSS 6.8
CVE-2018-1185 MEDIUM
EMC RecoverPoint <5.1.1, 5.0.1.3 - Command Injection
CVSS 6.7
CVE-2018-1184 MEDIUM
EMC RecoverPoint <5.1.1, 5.0.1.3 - Command Injection
CVSS 6.7
CVE-2018-6388 HIGH
iBall iB-WRA150N 1.2.6 - Authenticated OS Command Injection via Ping Test Arguments
CVSS 8.8
CVE-2018-6353 HIGH
Electrum < 2.9.4 and 3.x < 3.0.5 - Unauthenticated Remote Code Execution via Python Console
CVSS 7.8
CVE-2018-0506 CRITICAL
Nootka < 1.4.4 - Remote Code Execution
CVSS 9.8