Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,947)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-5819 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Jun 27, 2019 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
CVE-2019-12929 1Qemu 1Qemu Nov 21, 2024 Jun 24, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to...Show more The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issueShow less
CVE-2019-12928 1Qemu 1Qemu Nov 21, 2024 Jun 24, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a craft...Show more The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issueShow less
CVE-2018-16118 1Sophos 1Sfos Nov 21, 2024 Jun 20, 2019 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Fo...Show more A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.Show less
CVE-2018-16117 1Sophos 1Sfos Nov 21, 2024 Jun 20, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST...Show more A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.Show less
CVE-2019-6962 1Rdkcentral 1Rdkb Ccsppandm Nov 21, 2024 Jun 20, 2019 N/A· v4 7.5 HIGH· v3 8.5 HIGH· v2 A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if t...Show more A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.Show less
CVE-2019-1879 1Cisco 2Integrated Management Controller Unified Computing System Nov 21, 2024 Jun 20, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to ins...Show more A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.Show less
CVE-2019-1878 1Cisco 2Telepresence Ce Telepresence Tc Nov 21, 2024 Jun 20, 2019 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary sh...Show more A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device.Show less
CVE-2019-1627 1Cisco 2Integrated Management Controller Unified Computing System Nov 21, 2024 Jun 20, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data...Show more A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.Show less
CVE-2019-1623 1Cisco 1Meeting Server Nov 21, 2024 Jun 20, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation...Show more A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product.Show less
CVE-2018-16593 1Sony 8R5c Firmware Wd65 FirmwareWd75 Firmware+5 more Nov 21, 2024 Jun 19, 2019 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection.
CVE-2018-16618 1Vtech 1Storio Max Firmware Nov 21, 2024 Jun 19, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Reque...Show more VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters followed by the name of an Android activity to start. Activities are started by inserting their name into a string that is executed in a shell command. By inserting metacharacters this can be exploited to run arbitrary commands as root. The requests also match those of the HTTP protocol and can be triggered on any web page rendered on the device by requesting resources stored at an http://127.0.0.1:1668/ URI, as demonstrated by the http://127.0.0.1:1668/dacdb70556479813fab2d92896596eef?';{ping,example.org}' URL.Show less
CVE-2018-18472 1Westerndigital 1My Book Live Firmware Nov 21, 2024 Jun 19, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered...Show more Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,Show less
CVE-2018-18852 1Cerio 1Dt 300n Firmware Nov 21, 2024 Jun 18, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in Octobe...Show more Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018.Show less
CVE-2019-11410 1Fusionpbx 1Fusionpbx Nov 21, 2024 Jun 17, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on th...Show more app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.Show less
CVE-2019-11409 1Fusionpbx 1Fusionpbx Nov 21, 2024 Jun 17, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execu...Show more app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.Show less
CVE-2019-12181 1Solarwinds 2Serv U Ftp Server Serv U Mft Server Nov 21, 2024 Jun 17, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
CVE-2019-12840 1Webmin 1Webmin Nov 21, 2024 Jun 15, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12839 1Orangehrm 1Orangehrm Nov 21, 2024 Jun 15, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2018-20841 1Hootoo 1Tripmate Titan Ht Tm05 Firmware Nov 21, 2024 Jun 11, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_tab...Show more HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.Show less

Previous 1...252253254...298 Next