CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,042 vulnerabilities with CWE-78
CVE-2017-14480
CRITICAL
MySQL Multi-Master Replication Manager 2.2.1 - OS Command Injection via MMM Protocol Message
CVSS 9.8
CVE-2017-14479
CRITICAL
MySQL Multi-Master Replication Manager 2.2.1 - OS Command Injection via MMM Protocol Message
CVSS 9.8
CVE-2017-14478
CRITICAL
MySQL Multi-Master Replication Manager <2.2.1 - Command Injection
CVSS 9.8
CVE-2017-14477
CRITICAL
MySQL Multi-Master Replication Manager 2.2.1 - OS Command Injection via MMM Protocol Message
CVSS 9.8
CVE-2017-14476
CRITICAL
MySQL Multi-Master Replication Manager <2.2.1 - Command Injection
CVSS 9.8
CVE-2017-14475
CRITICAL
MySQL Multi-Master Replication Manager <2.2.1 - Command Injection
CVSS 9.8
CVE-2017-14474
CRITICAL
MySQL Multi-Master Replication Manager 2.2.1 - OS Command Injection via MMM Protocol Message
CVSS 9.8
CVE-2017-17020
HIGH
D-Link DCS-5009 <1.08.11, DCS-5010 <1.14.09, DCS-5020L <1.15.01 Authenticated OS Command Injection
CVSS 8.8
CVE-2017-14459
CRITICAL
Moxa AWK-3131A <1.7 - OS Command Injection
CVSS 10.0
CVE-2017-7640
CRITICAL
QNAP Media Streaming add-on < 430.1.2.0 - Remote Code Execution
CVSS 9.8
CVE-2017-9274
HIGH
obs-service-source_validator <0.7 - Command Injection
CVSS 7.8
CVE-2017-14535
HIGH
Trixbox - 2.8.0.4 OS Command Injection
CVSS 8.8
CVE-2017-6230
HIGH
Ruckus Networks Solo/SmartZone AP Firmware < R110.0/< R5.0 Authenticated OS Command Injection
CVSS 8.8
CVE-2017-6229
HIGH
Ruckuswireless R500 Firmware < 200.6.10.1.0 - OS Command Injection
CVSS 8.8
CVE-2017-1000393
HIGH
Jenkins <2.73.1, <2.83 - Command Injection
CVSS 8.8
CVE-2017-1000502
HIGH
Jenkins EC2 < 1.37 - Authenticated OS Command Injection via Agent Configuration
CVSS 8.8
CVE-2017-17407
CRITICAL
NetGain Systems Enterprise Manager v7.2.699 - RCE
CVSS 9.8
CVE-2017-16608
CRITICAL
Netgain Enterprise Manager < 7.2.766 - Unauthenticated Remote Code Execution via exec.jsp
CVSS 9.8
CVE-2017-16602
HIGH
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 8.8
CVE-2017-15108
HIGH
spice-vdagent <= 0.17.0 - OS Command Injection via Save Directory
CVSS 7.8
CVE-2017-14094
CRITICAL
Trend Micro Smart Protection Server <3.2 - Command Injection
CVSS 9.8
CVE-2017-18044
CRITICAL
Commvault < 11.0 - Unauthenticated OS Command Injection via CVDataPipe.dll Message Parsing
CVSS 9.8
CVE-2017-18025
CRITICAL
Innotube ITGuard-Manager 0.0.0.1 - OS Command Injection via Username Field
CVSS 9.8
CVE-2017-16666
HIGH
Xplico < 1.2.1 - Unauthenticated Remote Code Execution via PCAP File Upload
CVSS 8.8
CVE-2017-1000487
CRITICAL
Plexus-utils <3.0.16 - Command Injection
CVSS 9.8
Details
Vulnerabilities: 6,042
Exploit Likelihood: High