CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,055 vulnerabilities with CWE-78
CVE-2017-6230 HIGH
Ruckus Networks Solo/SmartZone AP Firmware < R110.0/< R5.0 Authenticated OS Command Injection
CVSS 8.8
CVE-2017-6229 HIGH
Ruckuswireless R500 Firmware < 200.6.10.1.0 - OS Command Injection
CVSS 8.8
CVE-2017-1000393 HIGH
Jenkins <2.73.1, <2.83 - Command Injection
CVSS 8.8
CVE-2017-1000502 HIGH
Jenkins EC2 < 1.37 - Authenticated OS Command Injection via Agent Configuration
CVSS 8.8
CVE-2017-17407 CRITICAL
NetGain Systems Enterprise Manager v7.2.699 - RCE
CVSS 9.8
CVE-2017-16608 CRITICAL
NetGain Enterprise Manager < 7.2.766 - Unauthenticated Remote Code Execution via exec.jsp
CVSS 9.8
CVE-2017-16602 HIGH
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 8.8
CVE-2017-15108 HIGH
spice-vdagent <= 0.17.0 - OS Command Injection via Save Directory
CVSS 7.8
CVE-2017-14094 CRITICAL
Trend Micro Smart Protection Server <3.2 - Command Injection
CVSS 9.8
CVE-2017-18044 CRITICAL
Commvault < 11.0 - Unauthenticated OS Command Injection via CVDataPipe.dll Message Parsing
CVSS 9.8
CVE-2017-18025 CRITICAL
Innotube ITGuard-Manager 0.0.0.1 - OS Command Injection via Username Field
CVSS 9.8
CVE-2017-16666 HIGH
Xplico < 1.2.1 - Unauthenticated Remote Code Execution via PCAP File Upload
CVSS 8.8
CVE-2017-1000487 CRITICAL
Plexus-utils <3.0.16 - Command Injection
CVSS 9.8
CVE-2017-1000473 HIGH
linux-dash < 2.0 - OS Command Injection via Module Name Parsing
CVSS 7.8
CVE-2017-17888 HIGH
hoytech antiweb < 3.8.7 - Authenticated OS Command Injection via cgi-bin/write.cgi
CVSS 8.8
CVE-2017-17411 CRITICAL
Linksys WVBR0 < 1.0.41 - Unauthenticated Remote Code Execution via Web Management Portal
CVSS 9.8
CVE-2017-5255 HIGH
Cambium Networks ePMP <3.5 - Command Injection
CVSS 8.8
CVE-2017-15049 HIGH
Zoom < 2.0.115900.1201 - Remote Code Execution via zoommtg:// Scheme Handler
CVSS 8.8
CVE-2017-17758 HIGH
TP-Link TL-WVR and TL-WAR Firmware - Authenticated Remote Code Execution via Dhcps Interface Field
CVSS 8.8
CVE-2017-17757 HIGH
TP-Link TL-WVR and TL-WAR Firmware - Authenticated Remote Code Execution via Interface Field
CVSS 8.8
CVE-2017-17105 CRITICAL
Zivif Camera iptest.cgi Blind Remote Command Execution
CVSS 9.8
CVE-2017-15103 HIGH
Heketi < 5.0.1 - Authenticated Remote Command Execution via API Request
CVSS 8.8
CVE-2017-10904 CRITICAL
Qt for Android < 5.9.0 - Remote Code Execution
CVSS 9.8
CVE-2017-17405 HIGH
Ruby < 2.4.3 - OS Command Injection via Net::FTP Localfile Pipe Character
CVSS 8.8
CVE-2017-16921 HIGH
OTRS <6.0.1-4.0.26 - Command Injection
CVSS 8.8