CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,042 vulnerabilities with CWE-78
CVE-2017-14480 CRITICAL
MySQL Multi-Master Replication Manager 2.2.1 - OS Command Injection via MMM Protocol Message
CVSS 9.8
CVE-2017-14479 CRITICAL
MySQL Multi-Master Replication Manager 2.2.1 - OS Command Injection via MMM Protocol Message
CVSS 9.8
CVE-2017-14478 CRITICAL
MySQL Multi-Master Replication Manager <2.2.1 - Command Injection
CVSS 9.8
CVE-2017-14477 CRITICAL
MySQL Multi-Master Replication Manager 2.2.1 - OS Command Injection via MMM Protocol Message
CVSS 9.8
CVE-2017-14476 CRITICAL
MySQL Multi-Master Replication Manager <2.2.1 - Command Injection
CVSS 9.8
CVE-2017-14475 CRITICAL
MySQL Multi-Master Replication Manager <2.2.1 - Command Injection
CVSS 9.8
CVE-2017-14474 CRITICAL
MySQL Multi-Master Replication Manager 2.2.1 - OS Command Injection via MMM Protocol Message
CVSS 9.8
CVE-2017-17020 HIGH
D-Link DCS-5009 <1.08.11, DCS-5010 <1.14.09, DCS-5020L <1.15.01 Authenticated OS Command Injection
CVSS 8.8
CVE-2017-14459 CRITICAL
Moxa AWK-3131A <1.7 - OS Command Injection
CVSS 10.0
CVE-2017-7640 CRITICAL
QNAP Media Streaming add-on < 430.1.2.0 - Remote Code Execution
CVSS 9.8
CVE-2017-9274 HIGH
obs-service-source_validator <0.7 - Command Injection
CVSS 7.8
CVE-2017-14535 HIGH
Trixbox 2.8.0.4 - OS Command Injection
CVSS 8.8
CVE-2017-6230 HIGH
Ruckus Networks Solo/SmartZone AP Firmware < R110.0/< R5.0 Authenticated OS Command Injection
CVSS 8.8
CVE-2017-6229 HIGH
Ruckuswireless R500 Firmware < 200.6.10.1.0 - OS Command Injection
CVSS 8.8
CVE-2017-1000393 HIGH
Jenkins <2.73.1, <2.83 - Command Injection
CVSS 8.8
CVE-2017-1000502 HIGH
Jenkins EC2 < 1.37 - Authenticated OS Command Injection via Agent Configuration
CVSS 8.8
CVE-2017-17407 CRITICAL
NetGain Systems Enterprise Manager v7.2.699 - RCE
CVSS 9.8
CVE-2017-16608 CRITICAL
Netgain Enterprise Manager < 7.2.766 - Unauthenticated Remote Code Execution via exec.jsp
CVSS 9.8
CVE-2017-16602 HIGH
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 8.8
CVE-2017-15108 HIGH
spice-vdagent <= 0.17.0 - OS Command Injection via Save Directory
CVSS 7.8
CVE-2017-14094 CRITICAL
Trend Micro Smart Protection Server <3.2 - Command Injection
CVSS 9.8
CVE-2017-18044 CRITICAL
Commvault < 11.0 - Unauthenticated OS Command Injection via CVDataPipe.dll Message Parsing
CVSS 9.8
CVE-2017-18025 CRITICAL
Innotube ITGuard-Manager 0.0.0.1 - OS Command Injection via Username Field
CVSS 9.8
CVE-2017-16666 HIGH
Xplico < 1.2.1 - Unauthenticated Remote Code Execution via PCAP File Upload
CVSS 8.8
CVE-2017-1000487 CRITICAL
Plexus-utils <3.0.16 - Command Injection
CVSS 9.8