CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2013-1598
HIGH
Vivotek PT7135 Firmware 0300a and 0400a - OS Command Injection via system.ntp Parameter
CVSS 8.8
CVE-2013-2024
HIGH
CHICKEN < 4.9.0 - OS Command Injection via qs Procedure
CVSS 8.8
CVE-2013-7285
CRITICAL
Oracle Endeca Information Discovery Studio - Remote Code Execution via XStream Input Stream Manipulation
CVSS 9.8
CVE-2013-6041
Softaculous Webuzo < 2.1.4 - Remote Code Execution via SOFTCookies sid Cookie
CVE-2013-5758
Yealink SIP-T38G - Authenticated OS Command Injection via cgiServer.exx System Method
CVE-2013-2090
Creme Fraiche < 0.6.1 - Remote Code Execution via Email Attachment Filename
CVE-2013-1668
CosCMS < 1.822 - Authenticated OS Command Injection via Uploaded File Name
CVE-2013-7259
Neo4J < 2.2.0-M01 - Cross-Site Request Forgery via GremlinPlugin or Console Endpoint
CVE-2013-5948
ASUS RT-AC68U and T-Mobile TM-AC1900 - Authenticated OS Command Injection via Network Analysis Target Field
CVE-2013-2642
Sophos Web Appliance <3.7.8.2 - RCE
CVE-2013-6719
IBM Tealeaf CX 7.x, 8.x-8.6, 8.7-8.8 - Authenticated OS Command Injection via testconn_host Parameter
CVE-2013-3365
TRENDnet TEW-812DRU - Authenticated OS Command Injection via Multiple Parameters
CVE-2013-5667
Thecus N8800 NAS Server Firmware 5.03.01 - OS Command Injection via Username Parameter
CVE-2013-6881
CRU Ditto Forensic FieldStation Firmware < 2013Oct15a - OS Command Injection via Sector Size or Skip Count Fields
CVE-2013-5946
D-Link DSR-150/150N/250/250N/500/500N/1000/1000N OS Command Injection via Ping/Traceroute/DNS
CVE-2013-7104
McAfee Email Gateway 7.6 - Authenticated OS Command Injection via Command or Script XML Element
CVE-2013-7103
McAfee Email Gateway 7.6 - Command Injection
CVE-2013-4457
Cocaine gem 0.4.0-0.5.2 - OS Command Injection via Recursive Variable Interpolation
CVE-2013-5530
Cisco Identity Services Engine 1.0-1.1.4 - Authenticated OS Command Injection via TCP Port 443
CVE-2013-5703
DrayTek Vigor 2700 Router Firmware 2.8.3 - Remote Code Execution via SSID Value
CVE-2013-2578
TP-Link IP Cameras <LM.1.6.18P12_sign6 - RCE
CVE-2013-5486
DCNM-SAN Server <6.2(1) - Path Traversal
CVE-2013-4984
Sophos Web Appliance <3.7.9.1, <3.8-3.8.1.1 - Privilege Escalation
CVE-2013-4983
Sophos Web Appliance <3.7.9.1, <3.8.1.1 - Command Injection
CVE-2013-3444
Cisco WAAS <4.x, 5.x<5.0.3e, 5.1.x<5.1.1c, 5.2.x<5.2.1 Authenticated OS Command Injection
Details
Vulnerabilities: 6,057
Exploit Likelihood: High