CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,055 vulnerabilities with CWE-78
CVE-2017-14119
HIGH
eyesofnetwork 5.1-0 - OS Command Injection via SNMPwalk Parameter
CVSS 8.8
CVE-2017-14118
HIGH
EyesOfNetwork <5.1 - Command Injection
CVSS 8.8
CVE-2017-14100
CRITICAL
Asterisk <11.25.2-14.6.1 - Command Injection
CVSS 9.8
CVE-2017-10951
HIGH
Foxit Reader 8.3.0.14878 - Remote Code Execution via app.launchURL Method
CVSS 8.8
CVE-2017-10832
CRITICAL
Dokodemo eye Smart HD SCR02HD Firmware <= 1.0.3.1000 - OS Command Injection
CVSS 9.8
CVE-2017-11366
CRITICAL
Codiad < 2.8.4 - Remote Code Execution via File Manager Search Parameter
CVSS 9.8
CVE-2017-10811
MEDIUM
Buffalo WCR-1166DS <= 1.30 - OS Command Injection
CVSS 6.8
CVE-2017-6710
HIGH
Cisco VNF Element Manager - Privilege Escalation
CVSS 8.1
CVE-2017-11150
HIGH
Synology Office 2.2.0-1502 and 2.2.1-1506 - Authenticated OS Command Injection via RTF Document Filename
CVSS 7.8
CVE-2017-12581
HIGH
Electron < 1.6.8 - Remote Code Execution via Node Integration Bypass
CVSS 8.1
CVE-2017-2281
HIGH
WN-AX1167GR <3.00 - Command Injection
CVSS 8.8
CVE-2017-11381
CRITICAL
Trend Micro Deep Discovery Director 1.1 - OS Command Injection
CVSS 9.8
CVE-2017-9483
CRITICAL
Cisco DPC3939 - Privilege Escalation
CVSS 9.8
CVE-2017-11566
HIGH
AppUse 4.0 - OS Command Injection via Proxy Field
CVSS 7.8
CVE-2017-11588
CRITICAL
Cisco DDR2200 and DDR2201v1 Residential Gateway Firmware - Remote Command Execution via PingAddr Parameter
CVSS 9.8
CVE-2017-2275
HIGH
Sony WG-C10 Firmware < 3.0.79 - OS Command Injection
CVSS 7.2
CVE-2017-6320
HIGH
Barracuda Load Balancer ADC < 6.0.1.006 - Authenticated OS Command Injection via delete_assessment Command
CVSS 8.8
CVE-2017-1318
HIGH
IBM MQ Appliance <9.0 - Command Injection
CVSS 8.8
CVE-2017-11318
HIGH
Cobian Backup 11 - Remote Code Execution via Pre-Backup Event Command Injection
CVSS 8.1
CVE-2017-1000009
CRITICAL
Akeneo PIM CE/EE <1.6.6/<1.5.15/<1.4.28 - Code Injection
CVSS 9.8
CVE-2017-4053
CRITICAL
McAfee ATD <3.10-3.4 - Command Injection
CVSS 9.8
CVE-2017-7175
CRITICAL
nfsen < 1.3.7 - Remote Code Execution via Custom Output Format Parameter
CVSS 9.9
CVE-2017-2237
CRITICAL
Toshiba HEM-GW16A and HEM-GW26A Firmware <= V1.2.0 - OS Command Injection
CVSS 9.8
CVE-2017-2185
HIGH
HOME SPOT CUBE2 <V101 - Command Injection
CVSS 8.8
CVE-2017-2183
HIGH
HOME SPOT CUBE2 <V101 - Command Injection
CVSS 8.0
Details
Vulnerabilities
6,055
Exploit Likelihood
High