CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2012-1988
Puppet 2.6.0-2.6.14 and 2.7.0-2.7.12 - Authenticated Remote Code Execution via Filebucket Request
CVE-2012-1795
Webglimpse < 2.20.0 - Remote Code Execution via Query Parameter Shell Metacharacters
CVE-2011-10026
CRITICAL
Spreecommerce < 0.50.x - Unauthenticated Remote Code Execution via API Search Parameter
CVSS 9.8
CVE-2011-10017
CRITICAL
Snort Report < 1.3.2 - Unauthenticated Remote Code Execution via nmap.php and nbtscan.php Target Parameter
CVE-2011-10007
HIGH
File::Find::Rule <= 0.34 - OS Command Injection via Crafted Filename in grep()
CVSS 8.8
CVE-2011-2195
CRITICAL
WebSVN 2.3.2 - Unauthenticated OS Command Injection via dl.php Path Argument
CVSS 9.8
CVE-2011-2523
CRITICAL
vsftpd 2.3.4 - Backdoor Command Execution
CVSS 9.8
CVE-2011-3178
HIGH
openSUSE Open Build Service < 2.3.0 - Authenticated OS Command Injection via Project Rebuildtimes Statistics
CVSS 8.1
CVE-2011-4002
HP no Mawashimono Nikki < 6.6 - Command Injection
CVE-2011-4502
Edimax BR-6104K < 3.25 - Remote Code Execution via UPnP IGD Shell Metacharacters
CVE-2011-1513
e107 < 0.7.24 - Remote Code Execution via MySQL Server Name Injection
CVE-2011-2148
SmarterStats 6.0 - OS Command Injection via Admin/frmSite.aspx Parameters
CVE-2011-1904
Proofpoint Messaging Security Gateway < 6.2.0.263:6.2.0.237 and Protection Server 5.5.3-6.2.0 - OS Command Injection
CVE-2011-0456
OTRS < 2.3.4 - Remote Code Execution
CVE-2011-0382
Cisco TelePresence Recording Server 1.6.x - Remote Code Execution via CGI Subsystem
CVE-2011-0381
Cisco TelePresence Manager 1.2.x-1.6.x - Remote Code Execution via Java RMI Interface
CVE-2011-0378
Cisco TelePresence System Software 1.2.x-1.5.x - Remote Code Execution via XML-RPC TCP Request
CVE-2011-0375
Cisco TelePresence System Software 1.2.x-1.6.x - Authenticated OS Command Injection via Malformed CGI Request
CVE-2011-0374
Cisco TelePresence System Software 1.2.x-1.5.x - Authenticated OS Command Injection via Malformed CGI Request
CVE-2011-0373
Cisco TelePresence System Software 1.2.x-1.5.x - Authenticated OS Command Injection via Malformed CGI Request
CVE-2011-0372
Cisco TelePresence System Software 1.2.x-1.5.x - Remote Command Injection via Malformed CGI Request
CVE-2011-0271
HP Openview Network Node Manager - OS Command Injection
CVE-2010-20059
CRITICAL
FreeNAS < 0.7.2-5543 - Command Injection
CVE-2010-10013
CRITICAL
AjaXplorer < 2.6 - Unauthenticated Remote Code Execution via access.ssh checkInstall.php destServer Parameter
CVE-2010-4278
Pandora FMS < 3.1 - Authenticated OS Command Injection via Network Map Layout Parameter