Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,949)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-3999 1Druva 1Insync Client Nov 21, 2024 Feb 25, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVE-2019-5142 1Moxa 1Awk 3131a Firmware Nov 21, 2024 Feb 25, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbit...Show more An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability.Show less
CVE-2019-5141 1Moxa 1Awk 3131a Firmware Nov 21, 2024 Feb 25, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subseque...Show more An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.Show less
CVE-2019-5140 1Moxa 1Awk 3131a Firmware Nov 21, 2024 Feb 25, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a sub...Show more An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.Show less
CVE-2019-5138 1Moxa 1Awk 3131a Firmware Nov 21, 2024 Feb 25, 2020 N/A· v4 9.9 CRITICAL· v3 9.0 HIGH· v2 An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox comma...Show more An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.Show less
CVE-2020-9374 1Tp Link 1Tl Wr849n Firmware Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.
CVE-2019-12511 1Netgear 1Nighthawk X10 R9000 Firmware Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwid...Show more In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point.Show less
CVE-2019-10799 1Compile Sass Project 1Compile Sass Nov 21, 2024 Feb 24, 2020 N/A· v4 8.2 HIGH· v3 8.5 HIGH· v2 compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization.
CVE-2019-10796 1Rpi Project 1Rpi Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization.
CVE-2020-4222 1Ibm 1Spectrum Protect Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitr...Show more IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091.Show less
CVE-2020-4213 1Ibm 1Spectrum Protect Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitr...Show more IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024.Show less
CVE-2020-4211 1Ibm 1Spectrum Protect Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitr...Show more IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022.Show less
CVE-2020-4210 1Ibm 1Spectrum Protect Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitr...Show more IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020.Show less
CVE-2020-8130 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 24, 2020 N/A· v4 6.4 MEDIUM· v3 6.9 MEDIUM· v2 There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `\|`.
CVE-2019-18183 2Fedoraproject Pacman Project 2Fedora Pacman Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must ena...Show more pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.Show less
CVE-2019-18182 2Fedoraproject Pacman Project 2Fedora Pacman Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must en...Show more pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.Show less
CVE-2020-8813 5Cacti DebianFedoraproject+2 more 5Cacti Debian LinuxFedora+2 more Nov 21, 2024 Feb 22, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVE-2020-6842 1Dlink 1Dch M225 Firmware Nov 21, 2024 Feb 21, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.
CVE-2020-6841 1Dlink 1Dch M225 Firmware Nov 21, 2024 Feb 21, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
CVE-2020-5534 1Nec 1Aterm Wg2600hs Firmware Nov 21, 2024 Feb 21, 2020 N/A· v4 8.0 HIGH· v3 7.7 HIGH· v2 Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.

Previous 1...236237238...298 Next