VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 111 of 115
  • CVE-2014-2959Jun 2, 2014
    risk 0.00cvss epss 0.03

    logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname…

  • CVE-2013-2090May 27, 2014
    risk 0.00cvss epss 0.04

    The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party…

  • CVE-2013-1668May 23, 2014
    risk 0.00cvss epss 0.07

    The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.

  • CVE-2012-1166May 21, 2014
    risk 0.00cvss epss 0.05

    The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.

  • CVE-2014-3121May 14, 2014
    risk 0.00cvss epss 0.04

    rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.

  • CVE-2014-2935May 8, 2014
    risk 0.00cvss epss 0.04

    costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.

  • CVE-2014-2565Apr 30, 2014
    risk 0.00cvss epss 0.01

    The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."

  • CVE-2013-7259Apr 29, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2)…

  • CVE-2014-2707Apr 17, 2014
    risk 0.00cvss epss 0.01

    cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."

  • CVE-2014-2874Apr 15, 2014
    risk 0.00cvss epss 0.05

    PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.

  • CVE-2014-0359Apr 15, 2014
    risk 0.00cvss epss 0.05

    Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.

  • CVE-2014-0356Apr 15, 2014
    risk 0.00cvss epss 0.01

    The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5)…

  • CVE-2014-0887Mar 25, 2014
    risk 0.00cvss epss 0.02

    The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.

  • CVE-2014-0886Mar 25, 2014
    risk 0.00cvss epss 0.02

    The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.

  • CVE-2013-5667Jan 24, 2014
    risk 0.00cvss epss 0.04

    The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter.

  • CVE-2013-7104Dec 14, 2013
    risk 0.00cvss epss 0.04

    McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute…

  • CVE-2013-7103Dec 14, 2013
    risk 0.00cvss epss 0.04

    McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to…

  • CVE-2013-4457Nov 2, 2013
    risk 0.00cvss epss 0.01

    The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.

  • CVE-2013-5530Oct 25, 2013
    risk 0.00cvss epss 0.02

    The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary…

  • CVE-2013-5703Oct 22, 2013
    risk 0.00cvss epss 0.01

    The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js.