Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,889)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-14405 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 13, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php.
CVE-2017-6796 1Cisco 1Ios Xe May 13, 2026 Sep 7, 2017 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the und...Show more A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949.Show less
CVE-2017-13713 1Twsz 1Wifi Repeater Firmware May 13, 2026 Sep 7, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
CVE-2017-14135 1Dreambox 1Opendreambox May 13, 2026 Sep 4, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the...Show more enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.Show less
CVE-2017-14127 1Technicolor 1Td5336 Firmware May 13, 2026 Sep 4, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_...Show more Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.Show less
CVE-2017-14119 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 3, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a...Show more In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.Show less
CVE-2017-14118 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 3, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in th...Show more In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.Show less
CVE-2017-14100 1Digium 2Asterisk Certified Asterisk May 13, 2026 Sep 2, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module h...Show more In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.Show less
CVE-2015-5958 1Phpfilemanager Project 1Phpfilemanager May 13, 2026 Aug 31, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
CVE-2017-10951 1Foxitsoftware 1Foxit Reader May 13, 2026 Aug 29, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4724.Show less
CVE-2017-10832 1Nippon Antenna 1Scr02hd Firmware May 13, 2026 Aug 29, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2016-0634 1Gnu 1Bash May 13, 2026 Aug 28, 2017 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
CVE-2017-11366 1Codiad 1Codiad May 13, 2026 Aug 21, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.
CVE-2017-10811 1Buffalo 1Wcr 1166ds Firmware May 13, 2026 Aug 18, 2017 N/A· v4 6.8 MEDIUM· v3 7.7 HIGH· v2 Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2017-6710 1Cisco 1Virtual Network Function Element Manager May 13, 2026 Aug 17, 2017 N/A· v4 8.1 HIGH· v3 8.5 HIGH· v2 A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerab...Show more A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4.Show less
CVE-2017-11150 1Synology 1Office May 13, 2026 Aug 14, 2017 N/A· v4 7.8 HIGH· v3 6.5 MEDIUM· v2 Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF docume...Show more Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.Show less
CVE-2017-12581 1Electron 1Electron May 13, 2026 Aug 6, 2017 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the S...Show more GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call.Show less
CVE-2017-2281 1Iodata 1Wn Ax1167gr Firmware May 13, 2026 Aug 2, 2017 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2016-7844 1Gigaccsecure 1Gigacc Office May 13, 2026 Aug 2, 2017 N/A· v4 5.5 MEDIUM· v3 6.0 MEDIUM· v2 GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.
CVE-2017-11381 1Trendmicro 1Deep Discovery Director May 13, 2026 Aug 1, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.

Previous 1...278279280...295 Next