CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High likelihood
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2008-2475
eBay Enhanced Picture Uploader ActiveX Control < 1.0.26 - Remote Code Execution via PictureUrls Property
CVE-2008-6669
nweb2fax <= 0.2.7 - Remote Code Execution via viewrq.php var_filename Parameter
CVE-2008-6554
Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 - OS Command Injection via CGI Script Query String
CVE-2008-6235
Vim 7.0-7.1 - OS Command Injection via Netrw Plugin Filename Handling
CVE-2008-3076
Vim - OS Command Injection via Netrw Plugin Filename Handling
CVE-2008-3074
Vim tar.vim v.10-v.22 - OS Command Injection via Tar Archive Filename
CVE-2008-5516
git < 1.5.5 - Remote Code Execution via gitweb Shell Metacharacter Injection
CVE-2008-5718
netatalk < 2.0.4-beta2 - OS Command Injection via Print Request Title
CVE-2008-4304
phpcollab < 2.5 - Remote Code Execution via SSL_CLIENT_CERT Environment Variable
CVE-2008-4636
yast2-backup 2.14.2-2.16.6 - Local Privilege Escalation via Shell Metacharacters in Backup Filenames
CVE-2008-4796
Snoopy < 1.2.3 - OS Command Injection via HTTPS URL Shell Metacharacters
CVE-2008-2575
cbrpager < 0.9.17 - OS Command Injection via Archive Filename
CVE-2008-1115
Solaris 8 - Denial of Service via Directory Function System Calls
CVE-2007-5653
PHP < 5.2.4 - OS Command Injection via COM Functions
CVE-2007-5322
Microsoft Visual FoxPro 6.0 - Remote Code Execution via FPOLE.OCX FoxDoCmd Function
CVE-2007-4673
Apple QuickTime 7.2 - Command Injection
CVE-2007-4891
Microsoft Visual Studio PDWizard.ocx - Remote Code Execution via ActiveX Control Methods
CVE-2007-4560
ClamAV < 0.91.2 - Remote Code Execution via Shell Metacharacters in Sendmail Recipient Field
CVE-2007-4041
Mozilla Firefox <3.0alpha - Command Injection
CVE-2006-6427
Xerox WorkCentre and WorkCentre Pro - Remote Code Execution via TCP/IP Hostname or Scan-to-Mailbox Folder Name
CVE-2006-0325
Etomite < 0.6 - Remote Code Execution via Backdoor in todo.inc.php
CVE-2005-10004
HIGH
Cacti < 0.8.6-d - Authenticated Remote Command Execution via graph_view.php graph_start Parameter
CVSS 8.8
CVE-2005-10003
MEDIUM
mikexstudios Xcomic <0.8.2 - Command Injection
CVSS 5.6
CVE-2005-2368
vim 6.3-6.3.081 - OS Command Injection via Modelines in foldexpr
CVE-2004-2732
Netbilling 2.0 - Information Disclosure via nbmember.cgi cmd=test Option
Details
Vulnerabilities: 6,057
Exploit Likelihood: High