CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,057 vulnerabilities with CWE-78
CVE-2014-0886
IBM Lotus Protector for Mail Security 2.8.x - Authenticated OS Command Injection
CVE-2014-0659
Cisco RVS4000, WRVS4400N, and WAP4410N Firmware - Remote Code Execution via Test Interface
CVE-2013-10073 HIGH
Nagios XI <2012R1.6 - Command Injection
CVSS 8.8
CVE-2013-10069 CRITICAL
D-Link DIR-600 DIR-300 - Command Injection
CVSS 9.8
CVE-2013-10061 HIGH
Netgear routers <1.1.00.45 - Command Injection
CVSS 7.2
CVE-2013-10060 HIGH
Netgear router <1.0.0.36 - Command Injection
CVSS 7.2
CVE-2013-10059 HIGH
D-Link DIR-615H1 <8.04 - Command Injection
CVSS 7.2
CVE-2013-10058 HIGH
Linksys router <v2.0.03 - Command Injection
CVE-2013-10053 HIGH
ZPanel < 10.0.0.2 - Authenticated Remote Code Execution via htpasswd Module Username Field
CVE-2013-10050 HIGH
D-Link DIR-300/615 - Command Injection
CVSS 8.8
CVE-2013-10049 CRITICAL
Raidsonic IB-NAS5220 and IB-NAS4220 - Unauthenticated OS Command Injection via timeHandler.cgi timeZone Parameter
CVE-2013-10048 CRITICAL
D-Link DIR-300 rev B & DIR-600 <2.13/2.14b01 - Command Injection
CVSS 9.8
CVE-2013-10039 HIGH
GestioIP <ac67be - Command Injection
CVE-2013-10037 CRITICAL
WebTester 5.x - Unauthenticated OS Command Injection via install2.php Parameters
CVE-2013-3307 HIGH
Linksys E1000/E1200/E3200 - Command Injection
CVSS 8.3
CVE-2013-2512 CRITICAL
ftpd gem 0.2.1 - Remote Code Execution via FTP LIST/NLST Command Argument
CVSS 9.8
CVE-2013-0517 HIGH
IBM Sterling External Authentication Server <2.4.1 - Command Injection
CVSS 7.8
CVE-2013-4267 CRITICAL
Pydio < 5.0.1 - OS Command Injection via Archive Name, File Name, or Revision Parameter
CVSS 9.8
CVE-2013-3322 HIGH
NetApp OnCommand System Manager <2.1 - Command Injection
CVSS 7.2
CVE-2013-2573 CRITICAL
TP-Link IP Camera - Command Injection
CVSS 9.8
CVE-2013-2570 CRITICAL
Zavio IP Cameras <1.6.3 - Command Injection
CVSS 9.8
CVE-2013-2568 CRITICAL
Zavio IP Cameras <1.6.3 - Command Injection
CVSS 9.8
CVE-2013-1599 CRITICAL
D-Link DCS-3411 Firmware - OS Command Injection
CVSS 9.8
CVE-2013-2060 CRITICAL
OpenShift - OS Command Injection via URL Shell Metacharacters
CVSS 9.8
CVE-2013-2612 CRITICAL
Huawei E587 3G Mobile Hotspot <11.203.27 - Command Injection
CVSS 9.8