CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,042 vulnerabilities with CWE-78
CVE-2018-0221
MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Configuration Commands
CVSS 6.7
CVE-2018-0217
MEDIUM
Cisco ASR 5000 Series Firmware - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2018-0214
MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Command Input
CVSS 5.3
CVE-2018-1000118
HIGH
Github Electron <1.8.2.4 - Command Injection
CVSS 8.8
CVE-2018-6530
CRITICAL
KEV
D-Link DIR-860L/865L/868L/880L Firmware - OS Command Injection via SOAP.cgi Service Parameter
CVSS 9.8
CVE-2018-7664
CRITICAL
ClipBucket < 4.0.0 - OS Command Injection via file_name Parameter
CVSS 9.8
CVE-2018-1169
HIGH
Amazon Music Player 6.1.5.1213 - RCE
CVSS 8.8
CVE-2018-7448
HIGH
CMS Made Simple 2.1.6 - Remote Code Execution via Timezone Parameter in Installation
CVSS 7.5
CVE-2018-7440
CRITICAL
leptonica < 1.75.3 - OS Command Injection via gplot rootname Argument
CVSS 9.8
CVE-2018-7046
HIGH
Kentico Xperience 9.0-11.0 - Authenticated Remote Code Execution via Template Layout C# Code Injection
CVSS 7.2
CVE-2018-7187
HIGH
GO < 1.9.5 - OS Command Injection
CVSS 8.8
CVE-2018-6911
CRITICAL
Advantech WebAccess 8.3.0 - Remote Code Execution via VBWinExec Command Parameter
CVSS 9.8
CVE-2018-6926
HIGH
MISP 2.4.87 - Authenticated OS Command Injection via Server Setting Path Override
CVSS 7.2
CVE-2018-1000043
CRITICAL
Security Onion Solutions Squert <1.6.7 - OS Command Injection
CVSS 9.8
CVE-2018-1000042
CRITICAL
Security Onion Solutions Squert <1.6.7 - OS Command Injection
CVSS 9.8
CVE-2018-1000019
HIGH
OpenEMR 5.0.0 - Authenticated OS Command Injection via fax_dispatch.php
CVSS 8.8
CVE-2018-0514
CRITICAL
MP Form Mail CGI eCommerce Edition < 2.0.13 - OS Command Injection
CVSS 9.8
CVE-2018-0512
MEDIUM
Iodata Hdl-xr Firmware < 2.01 - OS Command Injection
CVSS 6.8
CVE-2018-0122
MEDIUM
Cisco StarOS - Authenticated Arbitrary File Write via CLI Command Injection
CVSS 4.4
CVE-2018-6791
MEDIUM
KDE Plasma Workspace < 5.12.0 - OS Command Injection via vfat Thumbdrive Volume Label
CVSS 6.8
CVE-2018-1185
MEDIUM
EMC RecoverPoint <5.1.1, 5.0.1.3 - Command Injection
CVSS 6.7
CVE-2018-1184
MEDIUM
EMC RecoverPoint <5.1.1, 5.0.1.3 - Command Injection
CVSS 6.7
CVE-2018-6388
HIGH
iBall iB-WRA150N 1.2.6 - Authenticated OS Command Injection via Ping Test Arguments
CVSS 8.8
CVE-2018-6353
HIGH
Electrum < 2.9.4 and 3.x < 3.0.5 - Unauthenticated Remote Code Execution via Python Console
CVSS 7.8
CVE-2018-0506
CRITICAL
Nootka < 1.4.4 - Remote Code Execution
CVSS 9.8
Details
Vulnerabilities
6,042
Exploit Likelihood
High