CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,057 vulnerabilities with CWE-78
CVE-2017-5173 CRITICAL
Geutebruck IP Camera G-Cam/EFD-2250 <1.11.0.12 - Command Injection
CVSS 9.8
CVE-2017-8799 CRITICAL
iRODS < 4.1.11 and 4.2.1 - Remote Code Execution via igetwild Virtual Pathname
CVSS 9.8
CVE-2017-8768 CRITICAL
Atlassian SourceTree < 2.5c - OS Command Injection via sourcetree:// URL Scheme
CVSS 9.8
CVE-2017-7981 HIGH
Tuleap < 9.7 - Authenticated OS Command Injection via PhpWiki SyntaxHighlighter Plugin
CVSS 8.8
CVE-2017-2152 MEDIUM
WNC01WH <1.0.0.9 - Command Injection
CVSS 6.8
CVE-2017-2141 HIGH
WN-G300R3 <1.03 - Command Injection
CVSS 7.2
CVE-2017-2128 HIGH
Website Operators Guide - Command Injection
CVSS 8.8
CVE-2017-2112 HIGH
I-O DATA TS Series Camera Firmware - OS Command Injection
CVSS 8.8
CVE-2017-2096 CRITICAL
smalruby-editor < 0.4.0 - OS Command Injection
CVSS 9.8
CVE-2017-8220 CRITICAL
TP-Link C2 and C20i < 0.9.1_4.2_v0032.0_build_160706 - Remote Code Execution via HTTP POST Host Parameter
CVSS 9.9
CVE-2017-3506 HIGH KEV
Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.0-12.2.1.2 - Unauthenticated OS Command Injection via HTTP
CVSS 7.4
CVE-2017-8051 CRITICAL
Tenable Appliance 3.5-4.4.0 - OS Command Injection via tns_appliance_session_user Parameter
CVSS 9.8
CVE-2017-7690 HIGH
Proxifier for Mac <2.19.2 - Privilege Escalation
CVSS 7.8
CVE-2017-6606 MEDIUM
Cisco IOS XE - Unauthenticated OS Command Injection via Startup Script
CVSS 6.4
CVE-2017-6602 MEDIUM
Cisco UCS Manager, Firepower 4100/9300 - Authenticated OS Command Injection via CLI
CVSS 4.4
CVE-2017-6601 HIGH
Cisco UCS Manager, Firepower 4100/9300 - Authenticated OS Command Injection via CLI
CVSS 7.1
CVE-2017-6600 HIGH
Cisco UCS Manager, Firepower 4100/9300 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2017-6597 HIGH
Cisco UCS Manager, Firepower 4100/9300 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2017-6884 HIGH KEV
Zyxel EMG2926 V1.00(AAQT.4)b8 - Command Injection
CVSS 8.8
CVE-2017-7414 HIGH
Horde_Crypt <2.7.6 - Command Injection
CVSS 7.5
CVE-2017-7413 HIGH
Horde_Crypt <2.7.6 - Command Injection
CVSS 8.8
CVE-2017-6182 CRITICAL
Sophos Web Appliance < 4.3.1.2 - Remote Command Injection via Report Generation Functions
CVSS 9.8
CVE-2017-5330 HIGH
ark <16.12.1 - Remote Code Execution
CVSS 7.8
CVE-2017-6087 HIGH
EyesOfNetwork eonweb < 5.0-0 - Authenticated OS Command Injection via selected_events[] Parameter
CVSS 8.8
CVE-2017-6361 CRITICAL
QNAP QTS < 4.2.4 - OS Command Injection
CVSS 9.8