CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,057 vulnerabilities with CWE-78
CVE-2015-0977
IntraVue < 2.3.0a11 - Remote Code Execution
CVE-2014-125124 CRITICAL
Pandora FMS <= 5.0RC1 - Unauthenticated Remote Command Execution via Anyterm p Parameter
CVE-2014-125118 CRITICAL
eScan Web Management Console <5.5-2 - Command Injection
CVE-2014-0156 CRITICAL
ManageIQ Awesome Spawn 1.2.0-1.4.9 and Rubygems Awesome Spawn <1.2.0 - OS Command Injection via Command Arguments
CVSS 9.8
CVE-2014-8945 CRITICAL
Lexiglot <2014-11-20 - Command Injection
CVSS 9.8
CVE-2014-7173 CRITICAL
FarLinX X25 Gateway <2014-09-25 - Command Injection
CVSS 9.8
CVE-2014-2727 CRITICAL
MailMarshal < 7.2 - OS Command Injection via STARTTLS Plaintext Command
CVSS 9.8
CVE-2014-4981 CRITICAL
LPAR2RRD < 3.50 - Remote Command Execution via Web GUI Parameter Injection
CVSS 9.8
CVE-2014-8563 CRITICAL
Zimbra Collaboration Server < 8.0.9 - OS Command Injection via STARTTLS Plaintext
CVSS 9.8
CVE-2014-2650 CRITICAL
Unify OpenStage and OpenScape Desk Phone IP - OS Command Injection via Web Management Interface
CVSS 9.8
CVE-2014-0163 HIGH
OpenShift - OS Command Injection
CVSS 8.8
CVE-2014-0593 HIGH
open_build_service 0.5.3-1.1 - OS Command Injection via set_version Script
CVSS 7.8
CVE-2014-8389 CRITICAL
AirLive BU-3026, MD-3025, WL-2000CAM, POE-200CAM v2, and BU-2015 Firmware - OS Command Injection via wireless_mft.cgi
CVSS 9.8
CVE-2014-9284
Buffalo WHR-1166DHP/600D/WSR-600DHP/300HP2/WMR-300/WEX-300/BHR-4GRV2 Firmware Authenticated OS Command Injection
CVE-2014-9727
AVM Fritz!Box - Remote Command Execution via var:lang Parameter
CVE-2014-7269
ASUS RT-AC87U/RT-AC68U/RT-AC56S/RT-N66U/RT-N56U Firmware < 3.0.0.4.378.3754 - Authenticated OS Command Injection
CVE-2014-7253
FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D - OS Command Injection
CVE-2014-8387
Advantech EKI-6340 2.05 - Authenticated OS Command Injection via pinghost Parameter
CVE-2014-8334
WP-DBManager < 2.71 - Authenticated OS Command Injection via Backup Path Parameters
CVE-2014-6434
GoPro HERO 3+ - OS Command Injection via gpExec Restart Action Parameters
CVE-2014-5502
CyberoamOS < 10.6.1 - Authenticated OS Command Injection via Multiple Opcode Parameters
CVE-2014-4868
Brocade Vyatta 5400 - Command Injection
CVE-2014-4823
IBM Security Access Manager - Command Injection
CVE-2014-6278 HIGH KEV
GNU Bash through 4.3 bash43-026 - Remote Code Execution via Environment Variable Function Parsing
CVSS 8.8
CVE-2014-6277
GNU Bash through 4.3 bash43-026 - Remote Code Execution via Environment Variable Function Parsing