CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,057 vulnerabilities with CWE-78
CVE-2003-0041
MIT Kerberos FTP Client - OS Command Injection via Filename Pipe Character
CVE-2002-1660
vBulletin < 2.1.9 - Remote Code Execution via Calendar.php Command Parameter
CVE-2002-1898
Terminal < 1.3.1 - Remote Code Execution via Telnet URL Handler
CVE-2002-0061
Apache HTTP Server < 1.3.24 - Remote Code Execution via Shell Metacharacter Injection
CVE-2001-1583
Solaris 8 - Remote Code Execution
CVE-1999-0043
CRITICAL
INN - OS Command Injection via Control Message Shell Metacharacters
CVSS 9.8
CVE-1999-0067
Apache HTTP Server - Remote Command Execution via phf CGI Shell Metacharacters
Details
Vulnerabilities
6,057
Exploit Likelihood
High