Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,885)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-7413 1Horde 1Groupware May 13, 2026 Apr 4, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences...Show more In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.Show less
CVE-2017-6182 1Sophos 1Web Appliance May 13, 2026 Mar 30, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
CVE-2017-5330 2Fedoraproject Kde 2Ark Fedora May 13, 2026 Mar 27, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
CVE-2017-6087 1Eonweb Project 1Eonweb May 13, 2026 Mar 24, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function...Show more EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.Show less
CVE-2017-6361 1Qnap 1Qts May 13, 2026 Mar 23, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
CVE-2017-6360 1Qnap 1Qts May 13, 2026 Mar 23, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
CVE-2017-6359 1Qnap 1Qts May 13, 2026 Mar 23, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
CVE-2017-6970 2Alienvault Nfsen 3Nfsen OssimUnified Security Management May 13, 2026 Mar 22, 2017 N/A· v4 8.4 HIGH· v3 4.6 MEDIUM· v2 AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
CVE-2017-6398 1Trendmicro 1Interscan Messaging Security Virtual Appliance May 13, 2026 Mar 14, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the d...Show more An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.Show less
CVE-2017-6334 1Netgear 1Dgn2200 Series Firmware Apr 21, 2026 Mar 6, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a diffe...Show more dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.Show less
CVE-2017-6077 1Netgear 1Dgn2200 Firmware Apr 21, 2026 Feb 22, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
CVE-2017-3806 1Cisco 1Firepower Threat Defense May 13, 2026 Feb 3, 2017 N/A· v4 5.3 MEDIUM· v3 4.6 MEDIUM· v2 A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell com...Show more A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101).Show less
CVE-2016-6065 1Ibm 1Security Guardium May 13, 2026 Feb 1, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.
CVE-2016-10043 1Mrf 1Web Panel May 13, 2026 Jan 31, 2017 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (...Show more An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (\|) to inject arbitrary OS commands and retrieve the output in the application's responses. Attackers could execute unauthorized commands, which could then be used to disable the software, or read, write, and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application's owner (apache user).Show less
CVE-2017-3796 1Cisco 1Webex Meetings Server May 13, 2026 Jan 26, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.
CVE-2016-6631 1Phpmyadmin 1Phpmyadmin May 6, 2026 Dec 11, 2016 N/A· v4 7.5 HIGH· v3 8.5 HIGH· v2 An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query st...Show more An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.Show less
CVE-2016-2876 1Ibm 1Qradar Security Information And Event Manager May 6, 2026 Nov 30, 2016 N/A· v4 7.5 HIGH· v3 8.5 HIGH· v2 IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a comm...Show more IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue.Show less
CVE-2016-3028 1Ibm 2Security Access Manager Security Access Manager For Web May 6, 2026 Nov 25, 2016 N/A· v4 9.1 CRITICAL· v3 9.0 HIGH· v2 IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin acce...Show more IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.Show less
CVE-2016-0325 1Ibm 1Rational Team Concert May 6, 2026 Nov 24, 2016 N/A· v4 6.3 MEDIUM· v3 7.5 HIGH· v2 IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11,...Show more IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request.Show less
CVE-2016-6459 1Cisco 1Telepresence Tc Software May 6, 2026 Nov 19, 2016 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affe...Show more Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.Show less

Previous 1...282283284...295 Next