CWE-78

5,949 CVEs • Abstraction: Base • Likelihood of Exploit: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.


CVEs (5,949)

Columns: CVE | Vendors | Products | Updated | Published | CVSS (v4, v3, v2) | Description
Vendors (1): Dlink | Products (1): Dir 859 Firmware | Updated: Nov 21, 2024 | Published: Jan 29, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.

Vendors (1): Dlink | Products (1): Dir 859 Firmware | Updated: Nov 21, 2024 | Published: Jan 29, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.

Vendors (1): Dlink | Products (17): Dcs 1100 Firmware, Dcs 1100l Firmware, Dcs 1130 Firmware, +14 more | Updated: Nov 21, 2024 | Published: Jan 28, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera's web interface.

Vendors (1): Polycom | Products (2): Hdx Video End Points, Uc Apl | Updated: Nov 21, 2024 | Published: Jan 28, 2020 | CVSS: v4 N/A, v3 8.8 HIGH, v2 9.0 HIGH
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allow remote authenticated users to execute arbitrary commands, as demonstrated by a ; (semicolon) to the ping command feature.

Vendors (1): Redhat | Products (1): Openshift | Updated: Nov 21, 2024 | Published: Jan 28, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.

Vendors (1): Huawei | Products (1): E587 Firmware | Updated: Nov 21, 2024 | Published: Jan 27, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.

Vendors (1): Synacor | Products (1): Zimbra Collaboration Server | Updated: Nov 21, 2024 | Published: Jan 27, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 7.5 HIGH
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.

Vendors (1): Totolink | Products (8): A3002ru Firmware, A702r Firmware, N100re Firmware, +5 more | Updated: Nov 21, 2024 | Published: Jan 27, 2020 | CVSS: v4 N/A, v3 8.8 HIGH, v2 9.0 HIGH
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2.

Vendors (1): Bitdefender | Products (1): Box 2 Firmware | Updated: Nov 21, 2024 | Published: Jan 27, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker would need to impersonate an infrastructure server to trigger this vulnerability.

Vendors (1): Bitdefender | Products (2): Box 2 Firmware, Central | Updated: Nov 21, 2024 | Published: Jan 27, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 9.3 HIGH
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.

Vendors (1): Cisco | Products (1): Sd Wan Firmware | Updated: Nov 21, 2024 | Published: Jan 26, 2020 | CVSS: v4 N/A, v3 7.2 HIGH, v2 9.0 HIGH
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

Vendors (1): Intelliantech | Products (1): Aptus Web | Updated: Nov 21, 2024 | Published: Jan 25, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.

Vendors (1): Codecov | Products (1): Nodejs Uploader | Updated: Nov 21, 2024 | Published: Jan 25, 2020 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.5 MEDIUM
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.

Vendors (1): Vivotek | Products (1): Pt7135 Firmware | Updated: Nov 21, 2024 | Published: Jan 24, 2020 | CVSS: v4 N/A, v3 8.8 HIGH, v2 9.0 HIGH
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary code.

Vendors (1): Ixpdata | Products (1): Easyinstall | Updated: Nov 21, 2024 | Published: Jan 23, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function.

Vendors (1): Ruckuswireless | Products (2): Unleashed, Zonedirector 1200 Firmware | Updated: Nov 21, 2024 | Published: Jan 23, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.

Vendors (1): Ruckuswireless | Products (2): Unleashed, Zonedirector 1200 Firmware | Updated: Nov 21, 2024 | Published: Jan 23, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.

Vendors (1): Toshiba | Products (1): Configfree | Updated: Nov 21, 2024 | Published: Jan 23, 2020 | CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability.

Vendors (1): Ruckuswireless | Products (2): Unleashed, Zonedirector 1200 Firmware | Updated: Nov 21, 2024 | Published: Jan 22, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.

Vendors (1): Ruckuswireless | Products (2): Unleashed, Zonedirector 1200 Firmware | Updated: Nov 21, 2024 | Published: Jan 22, 2020 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 10.0 HIGH
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.