Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-88

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

359 vulnerabilities with CWE-88

CVE-2018-11019 HIGH

Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 - Code Injection

CVE-2018-17456 CRITICAL

Malicious Git HTTP Server For CVE-2018-17456

CVE-2018-3856 CRITICAL

Samsung STH-ETH-250 Firmware 0.20.17 - OS Command Injection via RTSP URL Field

CVE-2018-13386 HIGH

Sourcetree for Windows <2.6.9 - Command Injection

CVE-2018-13385 CRITICAL

Sourcetree for macOS <2.7.6 - Command Injection

CVE-2018-0345 HIGH

Cisco SD-WAN Solution - Command Injection

CVE-2018-10992 CRITICAL

LilyPond 2.19.80 - Command Injection

CVE-2017-15694 MEDIUM

Apache Geode <1.9.0 - Privilege Escalation

CVE-2017-14591 CRITICAL

Atlassian Fisheye/Crucible <4.4.3 & 4.5.0 - Code Injection

CVE-2017-1001003 CRITICAL

mathjs < 3.17.0 - Prototype Pollution via Unicode Character Bypass

CVE-2016-1000222 HIGH

Logstash < 2.1.1 - Argument Injection via CSV Output

CVE-2016-10033 CRITICAL KEV

PHPMailer Sendmail Argument Injection

Solaris 10 and 11 - Unauthenticated Argument Injection in telnetd via -f Sequence

HyperAccess 8.4 - Command Injection

Microsoft Windows XP <SP2 - Command Injection

WinSCP 3.8.1 - Argument Injection via Encoded Spaces in SCP/SFTP URI

Skype < 2.0.0.105 - Argument Injection via URI Handler

Microsoft Outlook 2003 SP1 - Command Injection

Internet Explorer 6 for Windows XP SP2 - Command Injection

Mozilla Firefox 1.0.6 - Command Injection

Avant Browser 10.1 Build 17 - Command Injection

Beagle < 0.2.5 - OS Command Injection via Crafted Filename Argument Injection

kimihia tellme < 1.2 - Argument Injection via q_Host Parameter

IBM Lotus Notes <6.5 - Command Injection

Konqueror < 3.2.2 - Command Injection via URI Handler Hostname

Previous Page 14 of 15 Next

Details

Vulnerabilities 359

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy