CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,055 vulnerabilities with CWE-78
CVE-2017-6714 CRITICAL
Cisco Ultra Services Framework Staging Server <5.0.3-5.1 - RCE
CVSS 9.8
CVE-2017-6712 HIGH
Cisco Elastic Services Controller - Authenticated Privilege Escalation and OS Command Injection via Tomcat User
CVSS 8.8
CVE-2017-6707 HIGH
Cisco StarOS 11.0-21.0 - Authenticated OS Command Injection via CLI Command Parsing
CVSS 8.2
CVE-2017-1253 CRITICAL
IBM Security Guardium 10.0 - Authenticated OS Command Injection
CVSS 9.9
CVE-2017-8116 CRITICAL
Teltonika RUT9XX Firmware < 00.03.265 - Unauthenticated Remote Code Execution via Username Parameter
CVSS 9.8
CVE-2017-2850 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via Username Change
CVSS 8.8
CVE-2017-2849 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via NTP Server Configuration
CVSS 8.8
CVE-2017-2848 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via Manual Network Configuration
CVSS 8.8
CVE-2017-2847 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via Manual Network Configuration
CVSS 8.8
CVE-2017-2846 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via Network Configuration
CVSS 8.8
CVE-2017-2845 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via SMTP Configuration Test
CVSS 8.8
CVE-2017-2844 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via msmtprc Configuration File
CVSS 8.8
CVE-2017-2843 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via msmtprc Configuration File
CVSS 8.8
CVE-2017-2842 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via msmtprc Configuration File
CVSS 8.8
CVE-2017-2841 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via msmtprc Configuration File
CVSS 8.8
CVE-2017-9828 CRITICAL
VIVOTEK Network Cameras - Command Injection
CVSS 9.8
CVE-2017-2828 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via Account Creation
CVSS 8.8
CVE-2017-2827 HIGH
Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - OS Command Injection via Account Creation
CVSS 8.8
CVE-2017-9757 HIGH
IPFire < 2.19 - Authenticated Remote Command Injection via OINKCODE Parameter
CVSS 8.8
CVE-2017-9736 CRITICAL
SPIP 3.1.x < 3.1.6 and 3.2.x < Beta 3 - Remote Code Execution via Host Field
CVSS 9.8
CVE-2017-6683 HIGH
Cisco Elastic Services Controller 2.2(9.76) - Authenticated Remote Code Execution via esc_listener.py
CVSS 8.8
CVE-2017-6682 HIGH
Cisco Elastic Services Controller 2.2(9.76) - Authenticated OS Command Injection via ConfD CLI
CVSS 8.8
CVE-2017-2824 HIGH
Zabbix Server 2.4.X - Remote Code Execution via Trapper Command Injection
CVSS 8.1
CVE-2017-5173 CRITICAL
Geutebruck IP Camera G-Cam/EFD-2250 <1.11.0.12 - Command Injection
CVSS 9.8
CVE-2017-8799 CRITICAL
iRODS < 4.1.11 and 4.2.1 - Remote Code Execution via igetwild Virtual Pathname
CVSS 9.8