CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,057 vulnerabilities with CWE-78
CVE-2016-5313 HIGH
Symantec Web Gateway < 5.2.2 - Authenticated OS Command Injection
CVSS 8.8
CVE-2016-10320 HIGH
textract < 1.4.0 - OS Command Injection via Filename in Process Function
CVSS 7.8
CVE-2016-9091 HIGH
Blue Coat ASG <6.6.5.4 & CAS <1.3.7.4 - Command Injection
CVSS 7.2
CVE-2016-6065 HIGH
IBM Security Guardium - Command Injection
CVSS 7.8
CVE-2016-10043 CRITICAL
Radisys MRF Web Panel (SWMS) 9.0.1 - Command Injection
CVSS 10.0
CVE-2016-6631 HIGH
phpMyAdmin <4.6.4, <4.4.15.8, <4.0.10.17 - RCE
CVSS 7.5
CVE-2016-2876 HIGH
IBM QRadar SIEM < 7.1 MR2 Patch 13 and 7.2 < 7.2.7 - Authenticated Privilege Escalation to Root via Command Injection
CVSS 7.5
CVE-2016-3028 CRITICAL
IBM Security Access Manager for Web 7.0-8.0 and Security Access Manager 9.0 - Authenticated OS Command Injection
CVSS 9.1
CVE-2016-0325 MEDIUM
IBM Rational Team Concert 3.0.1.6-4.0.7, 5.0-5.0.2, 6.0-6.0.2 - Authenticated OS Command Injection
CVSS 6.3
CVE-2016-6459 MEDIUM
Cisco TelePresence - Command Injection
CVSS 5.5
CVE-2016-1000216 HIGH
Ruckus Wireless H500 - Command Injection
CVSS 8.8
CVE-2016-6414 HIGH
Cisco IOS - OS Command Injection via IOx Command-Line Options
CVSS 7.8
CVE-2016-6373 HIGH
Cisco CSP 2100 2.0 - Command Injection
CVSS 7.2
CVE-2016-4965 HIGH
FortiWan < 4.2.5 - Authenticated Remote Code Execution via nslookup graph parameter
CVSS 8.8
CVE-2016-1482 HIGH
Cisco WebEx Meetings Server 2.6 - RCE
CVSS 8.1
CVE-2016-4853 HIGH
Happy Wardrobe - OS Command Injection via Crafted Saved Data
CVSS 7.8
CVE-2016-5679 HIGH
NUUO NVRmini <3.0.0 - Command Injection
CVSS 8.8
CVE-2016-1468 HIGH
Cisco TelePresence Video Communication Server Expressway X8.5.2 - C...
CVSS 8.8
CVE-2016-6147 CRITICAL
SAP TREX 7.10 Revision 63 - Remote Command Execution
CVSS 9.8
CVE-2016-1339 HIGH
Cisco UCS Platform Emulator <3.0.2c - Privilege Escalation
CVSS 7.8
CVE-2016-1352 CRITICAL
Cisco UCS Central Software <1.3(1b) - RCE
CVSS 9.8
CVE-2016-3655 CRITICAL
Palo Alto Networks PAN-OS <7.0.5 - RCE
CVSS 9.8
CVE-2016-1297 HIGH
Cisco ACE 4710 A5 <A5(3.1) - Auth Bypass
CVSS 8.8
CVE-2016-1320 MEDIUM
Cisco Prime Collaboration <11.0 - Command Injection
CVSS 6.7
CVE-2016-1141 MEDIUM
KDDI HOME SPOT CUBE <2 - Command Injection
CVSS 4.7