VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 21 of 115
  • CVE-2015-3431CriSep 19, 2017
    risk 0.64cvss 9.8epss 0.04

    Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."

  • CVE-2017-9328CriSep 15, 2017
    risk 0.64cvss 9.8epss 0.07

    Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.

  • CVE-2017-14429CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.05

    The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting…

  • CVE-2017-14127CriSep 4, 2017
    risk 0.64cvss 9.8epss 0.03

    Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.

  • CVE-2017-10832CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.03

    "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-11381CriAug 1, 2017
    risk 0.64cvss 9.8epss 0.03

    A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.

  • CVE-2017-9483CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.02

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands.

  • CVE-2017-11588CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.04

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi…

  • CVE-2017-1000009CriJul 17, 2017
    risk 0.64cvss 9.8epss 0.04

    Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution.

  • CVE-2017-4053CriJul 12, 2017
    risk 0.64cvss 9.8epss 0.03

    Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter.

  • CVE-2017-2237CriJul 7, 2017
    risk 0.64cvss 9.8epss 0.02

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-6714CriJul 6, 2017
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit…

  • CVE-2017-8116CriJul 3, 2017
    risk 0.64cvss 9.8epss 0.05

    The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.

  • CVE-2017-9736CriJun 17, 2017
    risk 0.64cvss 9.8epss 0.03

    SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.

  • CVE-2016-7806CriJun 9, 2017
    risk 0.64cvss 9.8epss 0.04

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-8799CriMay 5, 2017
    risk 0.64cvss 9.8epss 0.02

    Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon…

  • CVE-2017-8768CriMay 4, 2017
    risk 0.64cvss 9.8epss 0.08

    Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command.…

  • CVE-2017-2096CriApr 28, 2017
    risk 0.64cvss 9.8epss 0.06

    smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2016-6147CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.05

    An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.

  • CVE-2015-4642CriMay 16, 2016
    risk 0.64cvss 9.8epss 0.06

    The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the…