Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,949)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-17499 1Compal 1Ch7465lg Firmware Nov 21, 2024 Oct 11, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root...Show more The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.Show less
CVE-2019-11527 1Softing 1Uagate Si Firmware Nov 21, 2024 Oct 10, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.
CVE-2019-15014 1Zingbox 1Inspector Nov 21, 2024 Oct 9, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.
CVE-2019-15715 1Mantisbt 1Mantisbt Nov 21, 2024 Oct 9, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
CVE-2019-13051 1Pi Hole 1Pi Hole Nov 21, 2024 Oct 9, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Pi-Hole 4.3 allows Command Injection.
CVE-2019-17107 1Centreon 1Centreon Web Nov 21, 2024 Oct 8, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorre...Show more minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.Show less
CVE-2019-12812 1Activesoft 1Mybuilder Nov 21, 2024 Oct 7, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution.
CVE-2019-12811 1Activesoft 1Mybuilder Nov 21, 2024 Oct 7, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution
CVE-2019-15746 1Sitos 1Sitos Six Nov 21, 2024 Oct 7, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
CVE-2019-17269 1Intelliantech 1Remote Access Nov 21, 2024 Oct 7, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field.
CVE-2019-15036 1Jetbrains 1Teamcity Nov 21, 2024 Oct 2, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVE-2019-12699 1Cisco 3Firepower 9300 Firmware Firepower Extensible Operating SystemFirepower Threat Defense Nov 21, 2024 Oct 2, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with r...Show more Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.Show less
CVE-2019-12690 1Cisco 1Secure Firewall Management Center Nov 26, 2024 Oct 2, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underl...Show more A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device with full root privileges.Show less
CVE-2019-13025 1Compal 1Ch7465lg Firmware Nov 21, 2024 Oct 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, wh...Show more Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem.Show less
CVE-2019-16920 1Dlink 10Dap 1533 Firmware Dhp 1565 FirmwareDir 615 Firmware+7 more Nov 7, 2025 Sep 27, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interfa...Show more Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.Show less
CVE-2019-12091 1Netskope 1Netskope Nov 21, 2024 Sep 26, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from co...Show more The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.Show less
CVE-2019-12717 1Cisco 1Nx Os Nov 21, 2024 Sep 25, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system wi...Show more A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability.Show less
CVE-2019-12709 1Cisco 1Ios Xr Nov 21, 2024 Sep 25, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitr...Show more A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise.Show less
CVE-2019-12661 1Cisco 1Ios Xe Nov 21, 2024 Sep 25, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a p...Show more A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise.Show less
CVE-2019-12651 1Cisco 3Cloud Services Router 1000v Firmware Integrated Services Virtual Router FirmwareIos Nov 21, 2024 Sep 25, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more infor...Show more Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.Show less

Previous 1...246247248...298 Next