CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,055 vulnerabilities with CWE-78
CVE-2017-14119 HIGH
EyesOfNetwork 5.1-0 - OS Command Injection via SNMPwalk Parameter
CVSS 8.8
CVE-2017-14118 HIGH
EyesOfNetwork <5.1 - Command Injection
CVSS 8.8
CVE-2017-14100 CRITICAL
Asterisk <11.25.2-14.6.1 - Command Injection
CVSS 9.8
CVE-2017-10951 HIGH
Foxit Reader 8.3.0.14878 - Remote Code Execution via app.launchURL Method
CVSS 8.8
CVE-2017-10832 CRITICAL
Dokodemo eye Smart HD SCR02HD Firmware <= 1.0.3.1000 - OS Command Injection
CVSS 9.8
CVE-2017-11366 CRITICAL
Codiad < 2.8.4 - Remote Code Execution via File Manager Search Parameter
CVSS 9.8
CVE-2017-10811 MEDIUM
Buffalo WCR-1166DS <= 1.30 - OS Command Injection
CVSS 6.8
CVE-2017-6710 HIGH
Cisco VNF Element Manager - Privilege Escalation
CVSS 8.1
CVE-2017-11150 HIGH
Synology Office 2.2.0-1502 and 2.2.1-1506 - Authenticated OS Command Injection via RTF Document Filename
CVSS 7.8
CVE-2017-12581 HIGH
Electron < 1.6.8 - Remote Code Execution via Node Integration Bypass
CVSS 8.1
CVE-2017-2281 HIGH
WN-AX1167GR <3.00 - Command Injection
CVSS 8.8
CVE-2017-11381 CRITICAL
Trend Micro Deep Discovery Director 1.1 - OS Command Injection
CVSS 9.8
CVE-2017-9483 CRITICAL
Cisco DPC3939 - Privilege Escalation
CVSS 9.8
CVE-2017-11566 HIGH
AppUse 4.0 - OS Command Injection via Proxy Field
CVSS 7.8
CVE-2017-11588 CRITICAL
Cisco DDR2200 and DDR2201v1 Residential Gateway Firmware - Remote Command Execution via PingAddr Parameter
CVSS 9.8
CVE-2017-2275 HIGH
Sony WG-C10 Firmware < 3.0.79 - OS Command Injection
CVSS 7.2
CVE-2017-6320 HIGH
Barracuda Load Balancer ADC < 6.0.1.006 - Authenticated OS Command Injection via delete_assessment Command
CVSS 8.8
CVE-2017-1318 HIGH
IBM MQ Appliance <9.0 - Command Injection
CVSS 8.8
CVE-2017-11318 HIGH
Cobian Backup 11 - Remote Code Execution via Pre-Backup Event Command Injection
CVSS 8.1
CVE-2017-1000009 CRITICAL
Akeneo PIM CE/EE <1.6.6/<1.5.15/<1.4.28 - Code Injection
CVSS 9.8
CVE-2017-4053 CRITICAL
McAfee ATD <3.10-3.4 - Command Injection
CVSS 9.8
CVE-2017-7175 CRITICAL
nfsen < 1.3.7 - Remote Code Execution via Custom Output Format Parameter
CVSS 9.9
CVE-2017-2237 CRITICAL
Toshiba HEM-GW16A and HEM-GW26A Firmware <= V1.2.0 - OS Command Injection
CVSS 9.8
CVE-2017-2185 HIGH
HOME SPOT CUBE2 <V101 - Command Injection
CVSS 8.8
CVE-2017-2183 HIGH
HOME SPOT CUBE2 <V101 - Command Injection
CVSS 8.0