CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,055 vulnerabilities with CWE-78
CVE-2017-10953
HIGH
Foxit Reader 8.3.0.14878 - Remote Code Execution via gotoURL Method
CVSS 8.8
CVE-2017-9377
HIGH
Barco ClickShare CSM-1 and CSC-1 Firmware - OS Command Injection via Web API
CVSS 8.8
CVE-2017-15924
HIGH
shadowsocks-libev 3.1.0 - OS Command Injection via JSON Configuration Request
CVSS 7.8
CVE-2017-7341
HIGH
Fortinet FortiWLC - Command Injection
CVSS 7.2
CVE-2017-10955
HIGH
Dell EMC Data Protection Advisor 6.3.0 - Authenticated Remote Code Execution via preScript Parameter
CVSS 8.8
CVE-2017-3761
CRITICAL
Lenovo Service Framework - Command Injection
CVSS 9.8
CVE-2017-6224
HIGH
Ruckuswireless Zonedirector Firmware - OS Command Injection
CVSS 8.8
CVE-2017-6223
HIGH
Ruckus Zone Director Firmware < 9.13.0.0.232 - Authenticated OS Command Injection via Ping Functionality
CVSS 8.8
CVE-2017-15226
CRITICAL
Zyxel NBG6716 V1.00(AAKG.9)C0 - OS Command Injection via ozkerz Component
CVSS 9.8
CVE-2017-1000116
CRITICAL
Mercurial < 4.3 - OS Command Injection via SSH Hostname
CVSS 9.8
CVE-2017-11322
HIGH
UCOPIA Wireless Appliance < 5.1.7 - OS Command Injection via chroothole_client Argument
CVSS 8.2
CVE-2017-11321
HIGH
UCOPIA Wireless Appliance < 5.1.8 - Authenticated Privilege Escalation via Less Command Shell Metacharacter Injection
CVSS 7.2
CVE-2017-14867
HIGH
git < 2.10.4 - OS Command Injection via Unsafe Perl Scripts in CVS Subcommands
CVSS 8.8
CVE-2017-14001
HIGH
Digium Asterisk GUI < 2.1.0 - Code Injection
CVSS 8.8
CVE-2017-14705
HIGH
DenyAll WAF < 6.4.1 - Unauthenticated Remote Code Execution via TailDateFile Type Parameter
CVSS 8.1
CVE-2017-11395
HIGH
Trend Micro Smart Protection Server 3.1-3.2 - Authenticated OS Command Injection
CVSS 8.8
CVE-2017-14500
HIGH
Newsbeuter 0.3-2.9 - Code Injection
CVSS 8.8
CVE-2017-9328
CRITICAL
TerraMaster Operating System < 3.0.33 - Remote Code Execution via GetTest.php Shell Metacharacter Injection
CVSS 9.8
CVE-2017-10813
MEDIUM
CG-WLR300NM Firmware < 1.90 - OS Command Injection
CVSS 6.8
CVE-2017-14429
CRITICAL
D-Link DIR-850L REV. A FW114WWb07 & REV. B FW208WWb02 - Unauthenticated RCE via DHCP Client
CVSS 9.8
CVE-2017-14405
HIGH
EyesOfNetwork eonweb < 5.1 - Command Injection
CVSS 7.2
CVE-2017-6796
MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via USB Modem CLI Command
CVSS 6.7
CVE-2017-13713
HIGH
T&W WIFI Repeater BE126 - Authenticated Remote Code Execution via User Parameter
CVSS 8.8
CVE-2017-14135
CRITICAL
OpenDreambox 2.0.0 - Remote Code Execution
CVSS 9.8
CVE-2017-14127
CRITICAL
Technicolor TD5336 OI_Fw_v7 - Command Injection
CVSS 9.8
Details
Vulnerabilities: 6,055
Exploit Likelihood: High