CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,057 vulnerabilities with CWE-78
CVE-2012-6604
PAN-OS < 3.1.11 and 4.0.x < 4.0.9 - Authenticated Remote Code Execution
CVE-2012-6602
Palo Alto Networks PAN-OS < 3.1.10 and 4.0.x < 4.0.4 - Authenticated OS Command Injection
CVE-2012-6601
PAN-OS < 3.1.12, 4.0.x < 4.0.10, 4.1.x < 4.1.4 - Remote Code Execution
CVE-2012-6600
PAN-OS 4.0.x < 4.0.9 and 4.1.x < 4.1.2 - Authenticated OS Command Injection
CVE-2012-6599
PAN-OS 4.0.x < 4.0.8 and 4.1.x < 4.1.1 - Authenticated OS Command Injection
CVE-2012-6598
PAN-OS 4.0.x - Authenticated OS Command Injection
CVE-2012-6595
PAN-OS 4.0.x < 4.0.9 and 4.1.x < 4.1.2 - Authenticated OS Command Injection
CVE-2012-6594
Palo Alto Networks PAN-OS < 3.1.11, 4.0.x < 4.0.8, 4.1.x < 4.1.1 - Authenticated OS Command Injection
CVE-2012-6593
Palo Alto Networks PAN-OS < 3.1.10 and 4.0.x < 4.0.4 - Remote Code Execution
CVE-2012-6592
Palo Alto Networks PAN-OS < 3.1.10 and 4.0.x < 4.0.5 - Remote Code Execution
CVE-2012-6591
PAN-OS < 3.1.10 and 4.0.x < 4.0.5 - Authenticated OS Command Injection
CVE-2012-5863
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Authenticated OS Command Injection
CVE-2012-3001
Mutiny Standard < 4.5-1.12 - Command Injection
CVE-2012-4011
Cybozu KUNAI < 2.0.5 - Remote Code Execution via Crafted Website
CVE-2012-4361
HP SAN/iQ < 9.5 - Authenticated OS Command Injection via Ping Parameter
CVE-2012-2986
HP SAN/iQ 9.5 - Authenticated OS Command Injection via Ping Endpoint Parameters
CVE-2012-4177
Ubisoft Uplay PC < 2.0.4 - Remote Code Execution via -orbit_exe_path Argument
CVE-2012-2976
Symantec Web Gateway < 5.0.3.18 - Command Injection
CVE-2012-2953
Symantec Web Gateway < 5.0.3.18 - RCE
CVE-2012-2607
Johnson Controls CK721-A < SSM4388_03.1.0.14_BB - RCE
CVE-2012-3076
Cisco TelePresence Recording Server < 1.8.0 - Command Injection
CVE-2012-3075
Cisco TelePresence < 1.7.4 - Command Injection
CVE-2012-3074
Cisco TelePresence System Software < 1.9.1 - Remote Code Execution via TCP Port 61460
CVE-2012-2516
GE Intelligent Platforms - Command Injection
CVE-2012-3366
bcfg2 1.2.x < 1.2.3 - Authenticated Remote Code Execution via Trigger Plugin UUID Field