Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,895)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-3936 1Mcafee 1Epolicy Orchestrator Nov 21, 2024 Jun 13, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the use...Show more OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.Show less
CVE-2018-12268 1Acccheck Project 1Acccheck.pl Nov 21, 2024 Jun 13, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.
CVE-2018-6961 1Vmware 1Nsx Sd Wan By Velocloud Oct 30, 2025 Jun 11, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks....Show more VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.Show less
CVE-2014-0593 1Opensuse 1Open Build Service Nov 21, 2024 Jun 8, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user,...Show more The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.Show less
CVE-2018-11229 1Crestron 1Crestron Toolbox Protocol Firmware Nov 21, 2024 Jun 8, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
CVE-2018-0274 1Cisco 1Network Services Orchestrator Nov 21, 2024 Jun 7, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is...Show more A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.Show less
CVE-2017-7637 1Qnap 1Nas Proxy Server Nov 21, 2024 Jun 5, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
CVE-2018-6662 1Mcafee 1Management Of Native Encryption Nov 21, 2024 Jun 5, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.
CVE-2017-16042 1Growl Project 1Growl Nov 21, 2024 Jun 4, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
CVE-2018-11189 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).
CVE-2018-11188 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).
CVE-2018-11187 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
CVE-2018-11186 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).
CVE-2018-11185 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).
CVE-2018-11184 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).
CVE-2018-11183 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).
CVE-2018-11182 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).
CVE-2018-11181 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).
CVE-2018-11180 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).
CVE-2018-11179 1Quest 1Disk Backup Nov 21, 2024 Jun 2, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).

Previous 1...267268269...295 Next