VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 20 of 115
  • CVE-2018-7440CriFeb 23, 2018
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.

  • CVE-2017-14535HigFeb 16, 2018
    risk 0.64cvss 8.8epss 0.50

    trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

  • CVE-2018-1000043CriFeb 9, 2018
    risk 0.64cvss 9.8epss 0.04

    Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be…

  • CVE-2018-1000042CriFeb 9, 2018
    risk 0.64cvss 9.8epss 0.04

    Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be…

  • CVE-2018-0514CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.02

    MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2018-0506CriJan 26, 2018
    risk 0.64cvss 9.8epss 0.02

    Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-17407CriJan 23, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content…

  • CVE-2017-16608CriJan 23, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper…

  • CVE-2017-18025CriJan 9, 2018
    risk 0.64cvss 9.8epss 0.03

    cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter.

  • CVE-2017-10904CriDec 16, 2017
    risk 0.64cvss 9.8epss 0.02

    Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-17458CriDec 7, 2017
    risk 0.64cvss 9.8epss 0.06

    In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories,…

  • CVE-2016-1253CriDec 5, 2017
    risk 0.64cvss 9.8epss 0.05

    The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.

  • CVE-2017-10902CriDec 1, 2017
    risk 0.64cvss 9.8epss 0.02

    PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-1000214CriNov 27, 2017
    risk 0.64cvss 9.8epss 0.03

    GitPHP by xiphux is vulnerable to OS Command Injections

  • CVE-2017-16926CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.06

    Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.

  • CVE-2017-1000215CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.06

    ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution

  • CVE-2017-1000235CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.03

    I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.

  • CVE-2017-3761CriOct 17, 2017
    risk 0.64cvss 9.8epss 0.04

    The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.

  • CVE-2017-15226CriOct 10, 2017
    risk 0.64cvss 9.8epss 0.02

    Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.

  • CVE-2017-1000116CriOct 5, 2017
    risk 0.64cvss 9.8epss 0.06

    Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.