CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2015-6298
Cisco Web Security Appliance AsyncOS OS Command Injection via Certificate Generation
CVE-2015-5672
TYPE-MOON Visual Novels - Crafted Save OS Command Execution
CVE-2015-7253
Commvault Edge Server 10 R2 - Remote Code Execution via Serialized Cookie Data
CVE-2015-5673
ISUCON5 eventapp gcloud - HTTP Request Command Execution
CVE-2015-7901
Infinite Automation Mango Automation <2.6.0-430 - Command Injection
CVE-2015-7698
icewind1991 SMB <1.0.3 - Command Injection
CVE-2015-4718
ownCloud Server < 6.0.8, 7.0.x < 7.0.6, 8.0.x < 8.0.4 - Authenticated OS Command Injection via SMB Storage Driver
CVE-2015-6008
Web Reference Database <0.9.6 - Command Injection
CVE-2015-7310
McAfee Enterprise Security Manager < 9.3.2MR18, 9.4.x < 9.4.2MR8, 9.5.x < 9.5.0MR7 - OS Command Injection
CVE-2015-5690
Symantec Web Gateway <5.2.2 - Auth Bypass
CVE-2015-4330
Cisco TelePresence Video Communication Server Expressway X8.5.2 - OS Command Injection via Invalid Parameters
CVE-2015-2980
Yodobashi < 1.2.1.0 - Remote Code Execution via Crafted HTML Document
CVE-2015-2979
Webservice-DIC yoyaku_v41 - OS Command Injection
CVE-2015-4279
Cisco Unified Computing System 2.2(3b) - Privilege Escalation via Fabric Interconnect CLI
CVE-2015-4244
Cisco ASR 5000 Series Software 14.0 - Authenticated OS Command Injection via Compact Flash File
CVE-2015-4237
Cisco NX-OS - OS Command Injection via CLI Parser Filename Handling
CVE-2015-4224
Cisco Wireless LAN Controller Software 7.0(240.0) - Authenticated OS Command Injection via CLI Commands
CVE-2015-4186
Cisco Virtualization Experience Client 6000 Series Firmware 11.2(27.4) - OS Command Injection via Diagnostics Subsystem
CVE-2015-4183
Cisco UCS Central Software 1.2(1a) - OS Command Injection via CLI Parameter
CVE-2015-2955
Igreks MilkyStep <0.94 - Command Injection
CVE-2015-2845
GoAutoDial GoAdmin CE - OS Command Injection via cpanel PATH_INFO
CVE-2015-2844
GoAutoDial GoAdmin CE - Remote Code Execution via cpanel PATH_INFO Parameter
CVE-2015-0691
Cisco Secure Desktop - Remote Code Execution via Crafted Web Site
CVE-2015-1388
ArubaOS 5.x-6.2.x, 6.3.x < 6.3.1.15, 6.4.x < 6.4.2.4 - Remote Code Execution via RAP Console
CVE-2015-0525
EMC Secure Remote Services Virtual Edition 3.02-3.03 - OS Command Injection
Details
Vulnerabilities: 6,057
Exploit Likelihood: High