CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2017-5173
CRITICAL
Geutebruck IP Camera G-Cam/EFD-2250 <1.11.0.12 - Command Injection
CVSS 9.8
CVE-2017-8799
CRITICAL
iRODS < 4.1.11 and 4.2.1 - Remote Code Execution via igetwild Virtual Pathname
CVSS 9.8
CVE-2017-8768
CRITICAL
Atlassian SourceTree < 2.5c - OS Command Injection via sourcetree:// URL Scheme
CVSS 9.8
CVE-2017-7981
HIGH
Tuleap < 9.7 - Authenticated OS Command Injection via PhpWiki SyntaxHighlighter Plugin
CVSS 8.8
CVE-2017-2152
MEDIUM
WNC01WH <1.0.0.9 - Command Injection
CVSS 6.8
CVE-2017-2141
HIGH
WN-G300R3 <1.03 - Command Injection
CVSS 7.2
CVE-2017-2128
HIGH
Website Operators Guide - Command Injection
CVSS 8.8
CVE-2017-2112
HIGH
I-O DATA TS Series Camera Firmware - OS Command Injection
CVSS 8.8
CVE-2017-2096
CRITICAL
smalruby-editor < 0.4.0 - OS Command Injection
CVSS 9.8
CVE-2017-8220
CRITICAL
TP-Link C2 and C20i < 0.9.1_4.2_v0032.0_build_160706 - Remote Code Execution via HTTP POST Host Parameter
CVSS 9.9
CVE-2017-3506
HIGH
KEV
Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.0-12.2.1.2 - Unauthenticated OS Command Injection via HTTP
CVSS 7.4
CVE-2017-8051
CRITICAL
Tenable Appliance 3.5-4.4.0 - OS Command Injection via tns_appliance_session_user Parameter
CVSS 9.8
CVE-2017-7690
HIGH
Proxifier for Mac <2.19.2 - Privilege Escalation
CVSS 7.8
CVE-2017-6606
MEDIUM
Cisco IOS XE - Unauthenticated OS Command Injection via Startup Script
CVSS 6.4
CVE-2017-6602
MEDIUM
Cisco UCS Manager, Firepower 4100/9300 - Authenticated OS Command Injection via CLI
CVSS 4.4
CVE-2017-6601
HIGH
Cisco UCS Manager, Firepower 4100/9300 - Authenticated OS Command Injection via CLI
CVSS 7.1
CVE-2017-6600
HIGH
Cisco UCS Manager, Firepower 4100/9300 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2017-6597
HIGH
Cisco UCS Manager, Firepower 4100/9300 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2017-6884
HIGH
KEV
Zyxel EMG2926 V1.00(AAQT.4)b8 - Command Injection
CVSS 8.8
CVE-2017-7414
HIGH
Horde_Crypt <2.7.6 - Command Injection
CVSS 7.5
CVE-2017-7413
HIGH
Horde_Crypt <2.7.6 - Command Injection
CVSS 8.8
CVE-2017-6182
CRITICAL
Sophos Web Appliance < 4.3.1.2 - Remote Command Injection via Report Generation Functions
CVSS 9.8
CVE-2017-5330
HIGH
ark <16.12.1 - Remote Code Execution
CVSS 7.8
CVE-2017-6087
HIGH
EyesOfNetwork eonweb < 5.0-0 - Authenticated OS Command Injection via selected_events[] Parameter
CVSS 8.8
CVE-2017-6361
CRITICAL
QNAP QTS < 4.2.4 - OS Command Injection
CVSS 9.8
Details
Vulnerabilities: 6,057
Exploit Likelihood: High