Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,949)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-5525 1Nec 3Aterm Wf1200c Firmware Aterm Wg1200cr FirmwareAterm Wg2600hs Firmware Nov 21, 2024 Feb 21, 2020 N/A· v4 8.0 HIGH· v3 7.7 HIGH· v2 Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execu...Show more Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.Show less
CVE-2020-5524 1Nec 3Aterm Wf1200c Firmware Aterm Wg1200cr FirmwareAterm Wg2600hs Firmware Nov 21, 2024 Feb 21, 2020 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary O...Show more Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.Show less
CVE-2014-2727 1Trustwave 1Mailmarshal Nov 21, 2024 Feb 19, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
CVE-2019-10791 1Promise Probe Project 1Promise Probe Nov 21, 2024 Feb 18, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.
CVE-2014-4981 1Xorux 1Lpar2rrd Nov 21, 2024 Feb 17, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
CVE-2020-7597 1Codecov 1Codecov Nov 21, 2024 Feb 17, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability e...Show more codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.Show less
CVE-2020-9027 1Eltex Co 2Ntp 2 Firmware Ntp Rg 1402g Firmware Nov 21, 2024 Feb 17, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
CVE-2020-9026 1Eltex Co 2Ntp 2 Firmware Ntp Rg 1402g Firmware Nov 21, 2024 Feb 17, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected.
CVE-2020-9021 1Postoaktraffic 1Awam Bluetooth Field Device Firmware Nov 21, 2024 Feb 17, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metachara...Show more Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.Show less
CVE-2020-9020 1Iteris 1Vantage Velocity Firmware Nov 21, 2024 Feb 17, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
CVE-2020-8858 1Moxa 2Mgate 5105 Mb Eip T Firmware Mgate 5105 Mb Eip Firmware Nov 21, 2024 Feb 14, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw e...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552.Show less
CVE-2020-8963 1Timetoolsltd 10Sc7105 Firmware Sc9205 FirmwareSc9705 Firmware+7 more Nov 21, 2024 Feb 13, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary O...Show more TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter.Show less
CVE-2020-8949 1Gocloud 5Isp3000 Firmware S2a FirmwareS2a Wl Firmware+2 more Nov 21, 2024 Feb 12, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell...Show more Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring.Show less
CVE-2020-8947 1Artica 1Pandora Fms Nov 21, 2024 Feb 12, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a...Show more functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.Show less
CVE-2020-8946 1Netis Systems 1Wf2471 Firmware Nov 21, 2024 Feb 12, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter.
CVE-2020-8429 1Kinetica 1Kinetica Nov 21, 2024 Feb 11, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote co...Show more The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs function was used as a variable in a command to read log files; however, due to poor input sanitisation, it was possible to bypass a replacement and break out of the command.Show less
CVE-2013-0517 1Ibm 1Sterling External Authentication Server Nov 21, 2024 Feb 11, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code.
CVE-2019-14514 1Microvirt 1Memu Nov 21, 2024 Feb 11, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is...Show more An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters.Show less
CVE-2013-4267 1Pydio 1Pydio Nov 21, 2024 Feb 11, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2)...Show more Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php).Show less
CVE-2019-19356 1Netis Systems 1Wf2419 Firmware Nov 7, 2025 Feb 7, 2020 N/A· v4 7.5 HIGH· v3 8.5 HIGH· v2 Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connect...Show more Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.Show less

Previous 1...237238239...298 Next