CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2014-0886
IBM Lotus Protector for Mail Security 2.8.x - Authenticated OS Command Injection
CVE-2014-0659
Cisco RVS4000, WRVS4400N, and WAP4410N Firmware - Remote Code Execution via Test Interface
CVE-2013-10073
HIGH
Nagios XI <2012R1.6 - Command Injection
CVSS 8.8
CVE-2013-10069
CRITICAL
D-Link DIR-600 DIR-300 - Command Injection
CVSS 9.8
CVE-2013-10061
HIGH
Netgear routers <1.1.00.45 - Command Injection
CVSS 7.2
CVE-2013-10060
HIGH
Netgear router <1.0.0.36 - Command Injection
CVSS 7.2
CVE-2013-10059
HIGH
D-Link DIR-615H1 <8.04 - Command Injection
CVSS 7.2
CVE-2013-10058
HIGH
Linksys router <v2.0.03 - Command Injection
CVE-2013-10053
HIGH
ZPanel < 10.0.0.2 - Authenticated Remote Code Execution via htpasswd Module Username Field
CVE-2013-10050
HIGH
D-Link DIR-300/615 - Command Injection
CVSS 8.8
CVE-2013-10049
CRITICAL
Raidsonic IB-NAS5220 and IB-NAS4220 - Unauthenticated OS Command Injection via timeHandler.cgi timeZone Parameter
CVE-2013-10048
CRITICAL
D-Link DIR-300 rev B & DIR-600 <2.13/2.14b01 - Command Injection
CVSS 9.8
CVE-2013-10039
HIGH
GestioIP <ac67be - Command Injection
CVE-2013-10037
CRITICAL
WebTester 5.x - Unauthenticated OS Command Injection via install2.php Parameters
CVE-2013-3307
HIGH
Linksys E1000/E1200/E3200 - Command Injection
CVSS 8.3
CVE-2013-2512
CRITICAL
ftpd gem 0.2.1 - Remote Code Execution via FTP LIST/NLST Command Argument
CVSS 9.8
CVE-2013-0517
HIGH
IBM Sterling External Authentication Server <2.4.1 - Command Injection
CVSS 7.8
CVE-2013-4267
CRITICAL
Pydio < 5.0.1 - OS Command Injection via Archive Name, File Name, or Revision Parameter
CVSS 9.8
CVE-2013-3322
HIGH
NetApp OnCommand System Manager <2.1 - Command Injection
CVSS 7.2
CVE-2013-2573
CRITICAL
TP-Link IP Camera - Command Injection
CVSS 9.8
CVE-2013-2570
CRITICAL
Zavio IP Cameras <1.6.3 - Command Injection
CVSS 9.8
CVE-2013-2568
CRITICAL
Zavio IP Cameras <1.6.3 - Command Injection
CVSS 9.8
CVE-2013-1599
CRITICAL
D-Link DCS-3411 Firmware - OS Command Injection
CVSS 9.8
CVE-2013-2060
CRITICAL
OpenShift - OS Command Injection via URL Shell Metacharacters
CVSS 9.8
CVE-2013-2612
CRITICAL
Huawei E587 3G Mobile Hotspot <11.203.27 - Command Injection
CVSS 9.8
Details
Vulnerabilities: 6,057
Exploit Likelihood: High