CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2014-3360
Cisco IOS 12.4/15.0-15.4 & IOS XE 3.1.xS-3.12S DoS via Crafted SIP Message
CVE-2014-3358
Cisco IOS 15.0-15.4 & IOS XE DoS via Malformed mDNS Packets
CVE-2014-3357
Cisco IOS 15.0-15.2, 15.4 & IOS XE mDNS Packet DoS
CVE-2014-7169
CRITICAL
KEV
GNU Bash < 4.3 - Remote Code Execution via Malformed Environment Variable Function Definitions
CVSS 9.8
CVE-2014-6271
CRITICAL
KEV
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
CVSS 9.8
CVE-2014-3085
IBM Global Console Manager 16 and 32 Firmware < 1.20.0.22575 - Authenticated OS Command Injection via lpres Parameter
CVE-2014-4326
Elasticsearch Logstash <1.4.2 - RCE
CVE-2014-1987
Cybozu Garoon 3.1.0-3.7 SP3 - Remote Code Execution via CGI Component
CVE-2014-3418
Infoblox NetMRI < 6.8.5 - OS Command Injection via skipjackUsername Parameter
CVE-2014-2967
Autodesk VRED Professional 2014 - Remote Code Execution via Python API Commands
CVE-2014-3883
Usermin < 1.600 - Remote Code Execution
CVE-2014-2507
EMC Documentum Content Server <7.1 - Command Injection
CVE-2014-2959
Dell PowerVault ML6000 Firmware < i8.2.0.2 - Remote Code Execution via logViewer.htm Pathname Parameter
CVE-2014-3121
rxvt-unicode < 9.19 - Remote Code Execution via OSC Escape Sequence Handling
CVE-2014-2935
Caldera 9.20 - OS Command Injection via XMLRPC MethodCall Element
CVE-2014-2565
Blue Coat CAS <1.1.4.2 - Command Injection
CVE-2014-3008
Unitrends Enterprise Backup 7.3.0 - Authenticated OS Command Injection via SNMPD Comm Parameter
CVE-2014-3007
Pillow < 2.5.0 - OS Command Injection in JpegImagePlugin
CVE-2014-2707
cups-filters 1.0.41-1.0.51 - Remote Code Execution via IPP Printer Model or PDL
CVE-2014-2874
CommonSpot Content Server < 7.0.2 and 8.x < 8.0.3 - Remote Code Execution via Shell Metacharacter Injection
CVE-2014-0359
Xangati XSR <11 - Command Injection
CVE-2014-0356
ZyXEL Wireless N300 NetUSB NBG-419N 1.00(BFQ.6)C0 - RCE
CVE-2014-2850
Sophos Web Appliance Firmware < 3.8.2 - Authenticated OS Command Injection via Network Interface Address Parameter
CVE-2014-1982
Allied Telesis AT-RG634A, iMG624A, iMG616LH, iMG646BD - Unauthenticated Remote Code Execution via CLI Interface
CVE-2014-0887
IBM Lotus Protector for Mail Security 2.8.x - Authenticated Remote Code Execution
Details
Vulnerabilities: 6,057
Exploit Likelihood: High