Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,893)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-5347 1Seagate 1Personal Cloud Firmware Nov 21, 2024 Jan 12, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metach...Show more Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.Show less
CVE-2017-18025 1Innotube 1Itguard Manager Nov 21, 2024 Jan 9, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin\|" to use...Show more cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin\|" to use the '\|' metacharacter.Show less
CVE-2017-16666 1Xplico 1Xplico Nov 21, 2024 Jan 5, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging t...Show more Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.Show less
CVE-2017-1000487 2Codehaus Plexus Debian 2Debian Linux Plexus Utils Nov 21, 2024 Jan 3, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
CVE-2017-1000473 1Linux Dash Project 1Linux Dash Nov 21, 2024 Jan 3, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root.
CVE-2014-8389 1Airlive 5Bu 2015 Firmware Bu 3026 FirmwareMd 3025 Firmware+2 more May 13, 2026 Dec 28, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 1...Show more cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.Show less
CVE-2017-17888 1Hoytech 1Antiweb May 13, 2026 Dec 27, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON...Show more cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097.Show less
CVE-2017-17411 1Linksys 1Wvbr0 Firmware May 13, 2026 Dec 21, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web man...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.Show less
CVE-2017-5255 1Cambiumnetworks 2Epmp 1000 Firmware Epmp 2000 Firmware May 13, 2026 Dec 20, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly us...Show more In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.Show less
CVE-2017-15049 1Zoom 1Zoom May 13, 2026 Dec 19, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging t...Show more The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.Show less
CVE-2017-17758 1Tp Link 15Tl War1200l Firmware Tl War1300l FirmwareTl War1750l Firmware+12 more May 13, 2026 Dec 19, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_by...Show more TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.Show less
CVE-2017-17757 1Tp Link 15Tl War1200l Firmware Tl War1300l FirmwareTl War1750l Firmware+12 more May 13, 2026 Dec 19, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif...Show more TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.Show less
CVE-2017-17105 1Zivif 1Pr115 204 P Rs Firmware May 13, 2026 Dec 19, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demo...Show more Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.Show less
CVE-2017-15103 2Heketi Project Redhat 2Enterprise Linux Heketi May 13, 2026 Dec 18, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as...Show more A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.Show less
CVE-2017-10904 1Qt 1Qt May 13, 2026 Dec 16, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2017-17405 3Debian RedhatRuby Lang 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more May 13, 2026 Dec 15, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "\|" pipe...Show more Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "\|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.Show less
CVE-2017-16921 2Debian Otrs 2Debian Linux Otrs May 13, 2026 Dec 8, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) a...Show more In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.Show less
CVE-2017-17458 2Debian Mercurial 2Debian Linux Mercurial May 13, 2026 Dec 7, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use...Show more In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.Show less
CVE-2017-17055 1Articatech 1Artica Proxy May 13, 2026 Dec 7, 2017 N/A· v4 9.0 CRITICAL· v3 8.5 HIGH· v2 Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
CVE-2016-1253 1Debian 1Most May 13, 2026 Dec 5, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the...Show more The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.Show less

Previous 1...275276277...295 Next