CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2010-3039
Cisco Unified Communications Manager <8 - Command Injection
CVE-2010-3757
IBM Tivoli Storage Manager FastBack 5.5.0.0-5.5.6.0 & 6.1.0.0-6.1.0.1 - Remote Code Execution via Format String
CVE-2010-3754
IBM Tivoli Storage Manager FastBack 5.5.0.0-5.5.6.0 & 6.1.0.0-6.1.0.1 - Remote Code Execution
CVE-2010-3753
Openswan 2.6.26-2.6.28 - Authenticated OS Command Injection via cisco_banner Field
CVE-2010-3752
Openswan 2.6.25-2.6.28 - Authenticated OS Command Injection via cisco_dns_info or cisco_domain_info
CVE-2010-2445
freeciv 2.2-2.2.1 and 2.3 - Remote Code Execution via Lua Scenario Scripting
CVE-2010-1885
Windows XP and Windows Server 2003 - Remote Code Execution via Malformed hcp:// URL
CVE-2010-1423
Java NPAPI/Deployment Toolkit <6-19 - Command Injection
CVE-2010-1132
SpamAssassin Milter Plugin <0.3.1 - RCE
CVE-2010-0418
chumby_one < 1.0.3 and chumby_classic < 1.7.1 - OS Command Injection
CVE-2010-0934
Perforce Server 2008.1 - Command Injection
CVE-2009-20011
CRITICAL
ContentKeeper Web Appliance <125.10 - RCE
CVE-2009-20010
CRITICAL
Dogfood CRM < 2.0.10 - Unauthenticated Remote Command Execution via spell.php data Parameter
CVE-2009-4644
Accellion Secure File Transfer Appliance <8.0.105 - Command Injection
CVE-2009-4498
Zabbix Server <1.8 - Command Injection
CVE-2009-4025
Net_Traceroute <0.21.2 - Command Injection
CVE-2009-3233
changetrack 4.3 - OS Command Injection via Filename with CRLF and Shell Metacharacters
CVE-2009-2288
Nagios < 3.1.1 - OS Command Injection via statuswml.cgi Ping or Traceroute Parameters
CVE-2009-2011
Worldweaver DX Studio Player <3.0.29.1 - RCE
CVE-2009-1916
GScripts.net DNS Tools - OS Command Injection via dig.php ns Parameter
CVE-2009-1792
StoneTrip S3DPlayer StandAlone 1.6.2.4 and 1.7.0.1 and Web 1.6.0.0 - Remote Code Execution via system.openURL
CVE-2009-0854
dash 0.5.4 - Local Arbitrary Code Execution via Trojan Horse .profile File
CVE-2009-0848
OpenSUSE 11.0 and 11.1 - Untrusted Search Path Vulnerability in GTK2
CVE-2008-7158
Numara FootPrints 7.5a-7.5a1 & 8.0-8.0a - OS Command Injection via MRchat.pl or MRABLoad2.pl
CVE-2008-7125
Ariadne CMS < 2.6 - Authenticated OS Command Injection via Annotate Command