CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,055 vulnerabilities with CWE-78
CVE-2017-10953 HIGH
Foxit Reader 8.3.0.14878 - Remote Code Execution via gotoURL Method
CVSS 8.8
CVE-2017-9377 HIGH
Barco ClickShare CSM-1 and CSC-1 Firmware - OS Command Injection via Web API
CVSS 8.8
CVE-2017-15924 HIGH
shadowsocks-libev 3.1.0 - OS Command Injection via JSON Configuration Request
CVSS 7.8
CVE-2017-7341 HIGH
Fortinet FortiWLC - Command Injection
CVSS 7.2
CVE-2017-10955 HIGH
Dell EMC Data Protection Advisor 6.3.0 - Authenticated Remote Code Execution via preScript Parameter
CVSS 8.8
CVE-2017-3761 CRITICAL
Lenovo Service Framework - Command Injection
CVSS 9.8
CVE-2017-6224 HIGH
Ruckus Wireless ZoneDirector Firmware - OS Command Injection
CVSS 8.8
CVE-2017-6223 HIGH
Ruckus Zone Director Firmware < 9.13.0.0.232 - Authenticated OS Command Injection via Ping Functionality
CVSS 8.8
CVE-2017-15226 CRITICAL
Zyxel NBG6716 V1.00(AAKG.9)C0 - OS Command Injection via ozkerz Component
CVSS 9.8
CVE-2017-1000116 CRITICAL
Mercurial < 4.3 - OS Command Injection via SSH Hostname
CVSS 9.8
CVE-2017-11322 HIGH
UCOPIA Wireless Appliance < 5.1.7 - OS Command Injection via chroothole_client Argument
CVSS 8.2
CVE-2017-11321 HIGH
UCOPIA Wireless Appliance < 5.1.8 - Authenticated Privilege Escalation via Less Command Shell Metacharacter Injection
CVSS 7.2
CVE-2017-14867 HIGH
git < 2.10.4 - OS Command Injection via Unsafe Perl Scripts in CVS Subcommands
CVSS 8.8
CVE-2017-14001 HIGH
Digium Asterisk GUI < 2.1.0 - Code Injection
CVSS 8.8
CVE-2017-14705 HIGH
DenyAll WAF < 6.4.1 - Unauthenticated Remote Code Execution via TailDateFile Type Parameter
CVSS 8.1
CVE-2017-11395 HIGH
Trend Micro Smart Protection Server 3.1-3.2 - Authenticated OS Command Injection
CVSS 8.8
CVE-2017-14500 HIGH
Newsbeuter 0.3-2.9 - Code Injection
CVSS 8.8
CVE-2017-9328 CRITICAL
TerraMaster Operating System < 3.0.33 - Remote Code Execution via GetTest.php Shell Metacharacter Injection
CVSS 9.8
CVE-2017-10813 MEDIUM
CG-WLR300NM Firmware < 1.90 - OS Command Injection
CVSS 6.8
CVE-2017-14429 CRITICAL
D-Link DIR-850L REV. A FW114WWb07 & REV. B FW208WWb02 - Unauthenticated RCE via DHCP Client
CVSS 9.8
CVE-2017-14405 HIGH
EyesOfNetwork eonweb < 5.1 - Command Injection
CVSS 7.2
CVE-2017-6796 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via USB Modem CLI Command
CVSS 6.7
CVE-2017-13713 HIGH
T&W WIFI Repeater BE126 - Authenticated Remote Code Execution via User Parameter
CVSS 8.8
CVE-2017-14135 CRITICAL
OpenDreambox 2.0.0 - Remote Code Execution
CVSS 9.8
CVE-2017-14127 CRITICAL
Technicolor TD5336 OI_Fw_v7 - Command Injection
CVSS 9.8