Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,890)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-10953 1Foxitsoftware 1Foxit Reader May 13, 2026 Oct 31, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030.Show less
CVE-2017-9377 1Barco 2Clickshare Csc 1 Firmware Clickshare Csm 1 Firmware May 13, 2026 Oct 30, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerabi...Show more A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.Show less
CVE-2017-15924 2Debian Shadowsocks 2Debian Linux Shadowsocks Libev May 13, 2026 Oct 27, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, bui...Show more In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.Show less
CVE-2017-7341 1Fortinet 1Fortiwlc May 13, 2026 Oct 26, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin u...Show more An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.Show less
CVE-2017-10955 1Emc 1Data Protection Advisor May 13, 2026 Oct 19, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists wi...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerabilityShow less
CVE-2017-3761 1Lenovo 1Service Framework May 13, 2026 Oct 17, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote co...Show more The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.Show less
CVE-2017-6224 1Ruckuswireless 2Unleashed Firmware Zonedirector Firmware May 13, 2026 Oct 13, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x....Show more Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.Show less
CVE-2017-6223 1Ruckus 1Zonedirector Firmware May 13, 2026 Oct 13, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated...Show more Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.Show less
CVE-2017-15226 1Zyxel 1Nbg6716 Firmware May 13, 2026 Oct 10, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.
CVE-2017-1000116 3Debian MercurialRedhat 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more May 13, 2026 Oct 5, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
CVE-2017-11322 1Ucopia 1Ucopia Wireless Appliance May 13, 2026 Oct 3, 2017 N/A· v4 8.2 HIGH· v3 7.2 HIGH· v2 The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
CVE-2017-11321 1Ucopia 1Wireless Appliance May 13, 2026 Oct 3, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
CVE-2017-14867 2Debian Git Scm 2Debian Linux Git May 13, 2026 Sep 29, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary...Show more Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.Show less
CVE-2017-14001 1Digium 1Asterisk Gui May 13, 2026 Sep 26, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of...Show more An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.Show less
CVE-2017-14705 1Denyall 2I Suite Web Application Firewall May 13, 2026 Sep 22, 2017 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php...Show more DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.Show less
CVE-2017-11395 1Trendmicro 1Smart Protection Server May 13, 2026 Sep 22, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
CVE-2015-3431 1Pydio 1Pydio May 13, 2026 Sep 19, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
CVE-2017-14500 1Newsbeuter 1Newsbeuter May 13, 2026 Sep 17, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an...Show more Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.Show less
CVE-2017-9328 1Terra Master 1Terramaster Operating System May 13, 2026 Sep 15, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.
CVE-2017-10813 1Corega 1Wlr 300 Nm Firmware May 13, 2026 Sep 15, 2017 N/A· v4 6.8 MEDIUM· v3 7.7 HIGH· v2 CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

Previous 1...277278279...295 Next