CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2013-1616
Symantec Web Gateway < 5.1.1 - OS Command Injection via Management Console
CVE-2013-4781
Siemens Enterprise OpenScape <2R0.32.0-7R1.7.0 - Command Injection
CVE-2013-3578
Wave EMBASSY Remote Admin Server Help Desk SQLi & OS Command Execution via Search
CVE-2013-3576
HP System Management Homepage - Authenticated OS Command Injection via PATH_INFO to smhutil/snmpchp.php.en
CVE-2013-1947
kelredd-pruview 0.3.8 - OS Command Injection via Filename Argument
CVE-2013-1933
karteek-docsplit 0.5.4 - OS Command Injection via PDF Filename
CVE-2013-0804
Novell GroupWise <8.0.3-2012 - RCE/DoS
CVE-2013-0928
EMC AlphaStor 4.0 - Remote Code Execution via DCP Run Command Operation
CVE-2012-10059
CRITICAL
Dolibarr ERP/CRM <= 3.1.1-3.2.0 - Command Injection
CVE-2012-10040
CRITICAL
Openfiler 2.x - Authenticated OS Command Injection via system.html Device Parameter
CVE-2012-10039
CRITICAL
ZEN Load Balancer <3.0-rc1 - Command Injection
CVE-2012-10037
CRITICAL
PhpTax 0.8 - Unauthenticated Remote Code Execution via drawimage.php pfilez Parameter
CVE-2012-10046
CRITICAL
E-Mail Security Virtual Appliance ESVA_2057 - Unauthenticated OS Command Injection via learn-msg.cgi id Parameter
CVE-2012-10041
CRITICAL
WAN Emulator 2.3 - Unauthenticated OS Command Injection via result.php pc Parameter
CVE-2012-10033
CRITICAL
Narcissus backend.php - release Parameter Command Injection
CVE-2012-10029
HIGH
Nagios XI Network Monitor <1.3 - Command Injection
CVE-2012-10028
HIGH
Netwin SurgeFTP <23c8 - Command Injection
CVE-2012-6610
HIGH
Polycom HDX Video End Points < 3.0.4 and UC APL < 2.7.1.j - Authenticated OS Command Injection via Ping Command
CVSS 8.8
CVE-2012-4981
HIGH
Toshiba ConfigFree 8.0.38 - Remote Code Execution via CF7 File
CVSS 8.8
CVE-2012-5878
CRITICAL
Bulb Security Smartphone Pentest Framework 0.1.2-0.1.4 - Remote Code Execution via Shell Metacharacters
CVSS 9.8
CVE-2012-5693
HIGH
Bulb Security Smartphone Pentest Framework <0.1.3 - RCE
CVSS 8.8
CVE-2012-1166
LTSP Display Manager < 2.2.7 - Remote Code Execution via KP_RETURN Keybinding
CVE-2012-4108
Cisco Unified Computing System - OS Command Injection via Fabric-Interconnect File Command
CVE-2012-4075
Cisco NX-OS - OS Command Injection via Shell Metacharacters in Command Parameters
CVE-2012-6605
PAN-OS < 3.1.11 and 4.0.x < 4.0.9 - Authenticated Remote Code Execution
Details
Vulnerabilities: 6,057
Exploit Likelihood: High