CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2017-6360
CRITICAL
QNAP QTS < 4.2.4 - OS Command Injection
CVSS 9.8
CVE-2017-6359
CRITICAL
QNAP QTS < 4.2.4 - OS Command Injection
CVSS 9.8
CVE-2017-6970
HIGH
AlienVault USM/OSSIM <5.3.7/NfSen <1.3.8 - Command Injection
CVSS 8.4
CVE-2017-6398
HIGH
Trend Micro InterScan Messaging Security Virtual Appliance 9.1-1600 - OS Command Injection via saveCert.imss
CVSS 8.8
CVE-2017-6334
HIGH
KEV
NETGEAR DGN2200 Series Firmware <= 10.0.0.50 - Authenticated OS Command Injection via dnslookup.cgi host_name Parameter
CVSS 8.8
CVE-2017-6077
CRITICAL
KEV
NETGEAR DGN2200 Firmware < 10.0.0.50 - Authenticated OS Command Injection via ping_IPAddr Parameter
CVSS 9.8
CVE-2017-3806
MEDIUM
Cisco Firepower - Command Injection
CVSS 5.3
CVE-2017-3796
HIGH
Cisco WebEx Meetings Server - Command Injection
CVSS 7.2
CVE-2016-15048
CRITICAL
AMTT Hotel Broadband Operation System - Command Injection
CVSS 9.8
CVE-2016-15047
HIGH
AVTECH IP Camera, NVR, and DVR Devices - Authenticated OS Command Injection via CloudSetup.cgi exefile Parameter
CVE-2016-20016
CRITICAL
MVPower TV-7104HE and TV7108HE Firmware - Unauthenticated Remote Code Execution via Web Shell
CVSS 9.8
CVE-2016-11061
CRITICAL
Xerox WorkCentre Multiple Models < 073.xxx.086.15410 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2016-11054
HIGH
NETGEAR DGN2200v4 Firmware < 2017-01-06 - OS Command Injection and FTP Insecure Root Directory
CVSS 7.2
CVE-2016-11022
HIGH
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 - Remote Code Execution via reqMethod Parameter
CVSS 7.2
CVE-2016-11021
HIGH
KEV
D-Link DCS-930L Firmware < 2.12 - Remote Code Execution via SystemCommand Parameter
CVSS 7.2
CVE-2016-11017
CRITICAL
AKIPS Network Monitor 15.37-16.5 - Unauthenticated OS Command Injection via Username Parameter
CVSS 9.8
CVE-2016-10541
CRITICAL
shell-quote < 1.6.1 - OS Command Injection via Redirection Operator Escape Bypass
CVSS 9.8
CVE-2016-0291
HIGH
IBM BigFix Platform <9.1.8, <9.2.8 - Command Injection
CVSS 8.8
CVE-2016-10709
HIGH
pfSense < 2.2.6 - Authenticated OS Command Injection via Graph Parameter
CVSS 8.8
CVE-2016-1253
CRITICAL
Most package <5.0.0a-2.2-5.0.0a-3 - RCE
CVSS 9.8
CVE-2016-0634
HIGH
bash 4.3 - Authenticated Remote Code Execution via Prompt String Hostname Expansion
CVSS 7.5
CVE-2016-7844
MEDIUM
GigaCC OFFICE < 2.3 - Remote Code Execution via Mail Template
CVSS 5.5
CVE-2016-7819
HIGH
I-O DATA TS-WRLP and TS-WRLA <= 1.01.02 - Authenticated OS Command Injection
CVSS 7.2
CVE-2016-7806
CRITICAL
I-O DATA WFS-SR01 Firmware <= 1.10 - OS Command Injection
CVSS 9.8
CVE-2016-8721
CRITICAL
Moxa AWK-3131A <1.1 - Command Injection
CVSS 9.1