CWE-78

5,949 CVEs • Abstraction: Base • Likelihood of Exploit: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.


CVEs (5,949)

Fields per entry: vendor(s); product(s); updated; published; CVSS (v4 / v3 / v2); description.
Vendor: Ui | Product: EdgeSwitch | Updated: Nov 21, 2024 | Published: Feb 7, 2020 | CVSS v4: N/A; v3: 7.8 HIGH; v2: 7.2 HIGH
A privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script does not fully sanitize user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15).
Vendor: Eyesofnetwork | Product: Eyesofnetwork | Updated: Nov 21, 2024 | Published: Feb 7, 2020 | CVSS v4: N/A; v3: 8.8 HIGH; v2: 9.0 HIGH
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.
Vendor: Schmid Telecom | Product: Zi 620 V400 Firmware | Updated: Nov 21, 2024 | Published: Feb 6, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.
Vendor: Curling Project | Product: Curling | Updated: Nov 21, 2024 | Published: Feb 6, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.
Vendor: Dnt | Product: Im Metadata | Updated: Nov 21, 2024 | Published: Feb 4, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which are given to the "exec" function.
Vendor: Dnt | Product: Im Resize | Updated: Nov 21, 2024 | Published: Feb 4, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by users without any sanitization.
Vendor: Network Manager Project | Product: Network Manager | Updated: Nov 21, 2024 | Published: Feb 4, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH
network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.
Vendor: Fortinet | Product: Fortimanager | Updated: Nov 21, 2024 | Published: Feb 4, 2020 | CVSS v4: N/A; v3: 8.8 HIGH; v2: 9.0 HIGH
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report.
Vendor: Draytek | Products (3): Vigor2960 Firmware, Vigor300b Firmware, Vigor3900 Firmware | Updated: Nov 7, 2025 | Published: Feb 1, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
Vendor: Netapp | Product: Oncommand System Manager | Updated: Nov 21, 2024 | Published: Jan 31, 2020 | CVSS v4: N/A; v3: 7.2 HIGH; v2: 9.0 HIGH
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.
Vendor: Apache | Product: Spamassassin | Updated: Nov 21, 2024 | Published: Jan 30, 2020 | CVSS v4: N/A; v3: 8.1 HIGH; v2: 9.3 HIGH
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places.
Vendor: Apache | Product: Spamassassin | Updated: Nov 21, 2024 | Published: Jan 30, 2020 | CVSS v4: N/A; v3: 8.1 HIGH; v2: 9.3 HIGH
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run, which may be elevated, though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges.
Vendor: Artica | Product: Pandora Fms | Updated: Nov 21, 2024 | Published: Jan 30, 2020 | CVSS v4: N/A; v3: 6.8 MEDIUM; v2: 7.1 HIGH
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.
Vendor: Arris | Product: Ruckus Zoneflex R500 Firmware | Updated: Nov 21, 2024 | Published: Jan 29, 2020 | CVSS v4: N/A; v3: 7.2 HIGH; v2: 9.0 HIGH
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.
Vendor: Lsof Project | Product: Lsof | Updated: Nov 21, 2024 | Published: Jan 29, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH
All versions up to and including 0.0.4 of the lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
Vendor: Tp Link | Products (3): Tl Sc 3130g Firmware, Tl Sc 3171g Firmware, Tl Sc 4171g Firmware | Updated: Nov 21, 2024 | Published: Jan 29, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
Vendor: Zavio | Products (2): F3105 Firmware, F312a Firmware | Updated: Nov 21, 2024 | Published: Jan 29, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remote malicious user execute arbitrary code.
Vendor: Zavio | Products (2): F3105 Firmware, F312a Firmware | Updated: Nov 21, 2024 | Published: Jan 29, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
Vendors (4): Canonical, Debian, Fedoraproject, +1 more | Products (4): Debian Linux, Fedora, Opensmtpd, +1 more | Updated: Nov 7, 2025 | Published: Jan 29, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Vendor: Dlink | Product: Dir 859 Firmware | Updated: Nov 21, 2024 | Published: Jan 29, 2020 | CVSS v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.