CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,057 vulnerabilities with CWE-78
CVE-2016-1142 CRITICAL
Seeds acmailer <3.8.21, <3.9.15 - Command Injection
CVSS 9.1
CVE-2015-10145 HIGH
Gargoyle router management utility <1.5.x - Command Injection
CVSS 8.8
CVE-2015-10141 CRITICAL
Xdebug < 2.5.5 - Unauthenticated OS Command Injection via Remote Debugger Interface
CVE-2015-2201 HIGH
Aruba AirWave 7.0.0-7.7.14.1 & 8.0.0.0-8.0.6 - Authenticated RCE & File Disclosure
CVSS 7.2
CVE-2015-3611 HIGH
FortiManager <5.2.1 & <5.0.10 - Command Injection
CVSS 8.8
CVE-2015-4117 HIGH
Vesta Control Panel < 0.9.8-14 - Authenticated Remote Code Execution via Backup Parameter
CVSS 8.8
CVE-2015-3431 CRITICAL
Pydio <6.0.7 - Command Injection
CVSS 9.8
CVE-2015-5958 HIGH
phpFileManager 0.9.8 - Command Injection
CVSS 8.8
CVE-2015-2280 HIGH
AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP Firmware - Authenticated OS Command Injection via mac Parameter
CVSS 8.8
CVE-2015-2279 CRITICAL
AirLive BU-2015, BU-3026, and MD-3025 - OS Command Injection via cgi_test.cgi Parameters
CVSS 9.8
CVE-2015-6396 HIGH
Cisco RV110W, RV130W, and RV215W - OS Command Injection via CLI Command Parser
CVSS 7.8
CVE-2015-7611 HIGH
Apache James Server < 2.3.2.1 - OS Command Injection
CVSS 8.1
CVE-2015-4642 CRITICAL
PHP < 5.4.42 - OS Command Injection via escapeshellarg Function
CVSS 9.8
CVE-2015-7769 MEDIUM
baserCMS <3.0.9 - Command Injection
CVSS 6.3
CVE-2015-8151 CRITICAL
Symantec Encryption Management Server <3.3.2 - Command Injection
CVSS 9.1
CVE-2015-4956 HIGH
IBM Security QRadar SIEM 7.1.x - Authenticated OS Command Injection
CVSS 7.4
CVE-2015-6435 CRITICAL
Cisco FX-OS < 1.1.2 and UCS Manager < 2.2(4b), 2.2(5)-2.2(5a), 3.0-3.0(2e) - Remote Command Execution via CGI Script
CVSS 9.8
CVE-2015-8557 CRITICAL
Pygments <2.0.2 - Remote Code Execution
CVSS 9.0
CVE-2015-7426 CRITICAL
IBM Tivoli Storage Manager <7.1.3.0 & Spectrum Protect Snapshot <4....
CVSS 10.0
CVE-2015-5018 HIGH
IBM Security Access Manager 7.0.0-7.0.0 FP19, 8.0-8.0.1.3 IF3, 9.0-9.0.0.0 IF1 - OS Command Injection
CVSS 8.0
CVE-2015-8024
McAfee ESM/ESMLM/ESMREC <9.3.2MR19-9.5.0MR8 - Auth Bypass
CVE-2015-6380
Cisco Firepower Extensible OS 1.1(1.160) Authenticated Command Injection via Web Interface
CVE-2015-6370
Cisco Firepower Extensible Operating System 1.1(1.160) - OS Command Injection via MIO CLI Input
CVE-2015-7774
PC-EGG pWebManager <3.3.10 & <2.2.2 (PHP 4.x) - Command Injection
CVE-2015-6554
Symantec Endpoint Protection Manager < 12.1-RU6-MP3 - Remote Code Execution