CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,055 vulnerabilities with CWE-78
CVE-2017-17458
CRITICAL
Mercurial < 4.4.1 - Remote Code Execution via Malformed Git Subrepository
CVSS 9.8
CVE-2017-17055
CRITICAL
Artica Web Proxy <3.06.112911 - XSS
CVSS 9.0
CVE-2017-10902
CRITICAL
PTW-WMS1 Firmware 2.000.012 - OS Command Injection
CVSS 9.8
CVE-2017-1000159
HIGH
Evince <3.25.91 - Command Injection
CVSS 7.8
CVE-2017-1000214
CRITICAL
GitPHP by xiphux - Command Injection
CVSS 9.8
CVE-2017-16960
HIGH
TP-Link TL-WVR/TL-WAR/TL-ER/TL-R - Command Injection
CVSS 8.8
CVE-2017-16958
HIGH
TP-Link TL-WVR,TL-WAR,TL-ER,TL-R - Command Injection
CVSS 8.8
CVE-2017-16957
HIGH
TP-Link TL-WVR/TL-WAR/TL-ER/TL-R - Command Injection
CVSS 8.8
CVE-2017-16934
CRITICAL
dbltek web_server - Authenticated OS Command Injection via change_password.csp passwd Parameter
CVSS 9.8
CVE-2017-16926
CRITICAL
ohcount 3.0.0 - OS Command Injection via Crafted Filenames
CVSS 9.8
CVE-2017-16923
HIGH
Tenda AC9, AC15, AC18 Firmware - Unauthenticated OS Command Injection via usbeject GET Parameter
CVSS 8.8
CVE-2017-1000215
CRITICAL
ROOT xrootd <4.6.0 - Command Injection
CVSS 9.8
CVE-2017-1000203
HIGH
ROOT < 6.9.03 - Authenticated Remote Code Execution via Shell Metacharacter Injection in rootd Daemon
CVSS 8.8
CVE-2017-1000235
CRITICAL
I, Librarian <4.6-4.7 - Command Injection
CVSS 9.8
CVE-2017-1000220
CRITICAL
soyuka/pidusage <=1.1.4 - Command Injection
CVSS 9.8
CVE-2017-1000219
CRITICAL
npm/KyleRoss windows-cpu - Command Injection
CVSS 9.8
CVE-2017-12305
MEDIUM
Cisco IP Phone 8800 - Command Injection
CVSS 6.7
CVE-2017-12636
HIGH
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
CVSS 7.2
CVE-2017-1453
HIGH
IBM Security Access Manager 9.0.3 - Authenticated OS Command Injection
CVSS 8.8
CVE-2017-16667
HIGH
backintime <1.1.24 - Code Injection
CVSS 7.8
CVE-2017-16641
HIGH
Cacti 1.1.27 - Authenticated OS Command Injection via path_rrdtool Parameter
CVSS 7.2
CVE-2017-2917
HIGH
Circle with Disney 2.0.1 - OS Command Injection via Notifications Functionality
CVSS 8.8
CVE-2017-2890
HIGH
Circle with Disney 2.0.1 - OS Command Injection via /api/CONFIG/restore
CVSS 8.8
CVE-2017-2866
HIGH
Circle with Disney - OS Command Injection via /api/CONFIG/backup Endpoint
CVSS 8.8
CVE-2017-12243
HIGH
Cisco UCS Manager - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities: 6,055
Exploit Likelihood: High