← Back
CWE-78

5,894 CVEs • Abstraction: Base • Likelihood of Exploit: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

JSON object

Loading...

CVEs (5,894)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-11157
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).
CVE-2018-11156
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).
CVE-2018-11155
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).
CVE-2018-11154
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).
CVE-2018-11153
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).
CVE-2018-11152
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
CVE-2018-11151
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).
CVE-2018-11150
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).
CVE-2018-11149
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).
CVE-2018-11148
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).
CVE-2018-11147
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).
CVE-2018-11146
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).
CVE-2018-11145
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).
CVE-2018-11144
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).
CVE-2018-11143
1Quest
1Disk Backup
Nov 21, 2024
Jun 2, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46).
CVE-2018-3757
1Pdf Image Project
1Pdf Image
Nov 21, 2024
Jun 1, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.
CVE-2018-3746
1Pdfinfojs Project
1Pdfinfojs
Nov 21, 2024
Jun 1, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.
CVE-2016-10541
1Shell Quote Project
1Shell Quote
Nov 21, 2024
May 31, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform co...Show more
The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection.Show less
CVE-2018-11139
1Quest
1Kace System Management Appliance
Nov 21, 2024
May 31, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script...Show more
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.Show less
CVE-2018-11138
1Quest
1Kace System Management Appliance
Nov 5, 2025
May 31, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.