CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,055 vulnerabilities with CWE-78
CVE-2017-6230
HIGH
Ruckus Networks Solo/SmartZone AP Firmware < R110.0/< R5.0 Authenticated OS Command Injection
CVSS 8.8
CVE-2017-6229
HIGH
Ruckuswireless R500 Firmware < 200.6.10.1.0 - OS Command Injection
CVSS 8.8
CVE-2017-1000393
HIGH
Jenkins <2.73.1, <2.83 - Command Injection
CVSS 8.8
CVE-2017-1000502
HIGH
Jenkins EC2 < 1.37 - Authenticated OS Command Injection via Agent Configuration
CVSS 8.8
CVE-2017-17407
CRITICAL
NetGain Systems Enterprise Manager v7.2.699 - RCE
CVSS 9.8
CVE-2017-16608
CRITICAL
Netgain Enterprise Manager < 7.2.766 - Unauthenticated Remote Code Execution via exec.jsp
CVSS 9.8
CVE-2017-16602
HIGH
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 8.8
CVE-2017-15108
HIGH
spice-vdagent <= 0.17.0 - OS Command Injection via Save Directory
CVSS 7.8
CVE-2017-14094
CRITICAL
Trend Micro Smart Protection Server <3.2 - Command Injection
CVSS 9.8
CVE-2017-18044
CRITICAL
Commvault < 11.0 - Unauthenticated OS Command Injection via CVDataPipe.dll Message Parsing
CVSS 9.8
CVE-2017-18025
CRITICAL
Innotube ITGuard-Manager 0.0.0.1 - OS Command Injection via Username Field
CVSS 9.8
CVE-2017-16666
HIGH
Xplico < 1.2.1 - Unauthenticated Remote Code Execution via PCAP File Upload
CVSS 8.8
CVE-2017-1000487
CRITICAL
Plexus-utils <3.0.16 - Command Injection
CVSS 9.8
CVE-2017-1000473
HIGH
linux-dash < 2.0 - OS Command Injection via Module Name Parsing
CVSS 7.8
CVE-2017-17888
HIGH
hoytech antiweb < 3.8.7 - Authenticated OS Command Injection via cgi-bin/write.cgi
CVSS 8.8
CVE-2017-17411
CRITICAL
Linksys WVBR0 < 1.0.41 - Unauthenticated Remote Code Execution via Web Management Portal
CVSS 9.8
CVE-2017-5255
HIGH
Cambium Networks ePMP <3.5 - Command Injection
CVSS 8.8
CVE-2017-15049
HIGH
Zoom < 2.0.115900.1201 - Remote Code Execution via zoommtg:// Scheme Handler
CVSS 8.8
CVE-2017-17758
HIGH
TP-Link TL-WVR and TL-WAR Firmware - Authenticated Remote Code Execution via Dhcps Interface Field
CVSS 8.8
CVE-2017-17757
HIGH
TP-Link TL-WVR and TL-WAR Firmware - Authenticated Remote Code Execution via Interface Field
CVSS 8.8
CVE-2017-17105
CRITICAL
Zivif Camera iptest.cgi Blind Remote Command Execution
CVSS 9.8
CVE-2017-15103
HIGH
Heketi < 5.0.1 - Authenticated Remote Command Execution via API Request
CVSS 8.8
CVE-2017-10904
CRITICAL
Qt for Android < 5.9.0 - Remote Code Execution
CVSS 9.8
CVE-2017-17405
HIGH
Ruby < 2.4.3 - OS Command Injection via Net::FTP Localfile Pipe Character
CVSS 8.8
CVE-2017-16921
HIGH
OTRS <6.0.1-4.0.26 - Command Injection
CVSS 8.8