Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,884)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-4330 1Cisco 1Telepresence Video Communication Server Software May 6, 2026 Sep 2, 2015 N/A· v4 N/A· v3 6.9 MEDIUM· v2 A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
CVE-2015-2980 1Yodobashi 1Yodobashi May 6, 2026 Aug 8, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document.
CVE-2015-2979 1Webservice Dic 1Yoyaku May 6, 2026 Jul 29, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2015-4279 1Cisco 1Unified Computing System May 6, 2026 Jul 20, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric in...Show more The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.Show less
CVE-2015-4244 1Cisco 1Asr 5000 Series Software May 6, 2026 Jul 10, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flas...Show more The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.Show less
CVE-2015-4237 1Cisco 1Nx Os May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename...Show more The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.Show less
CVE-2015-4224 1Cisco 1Wireless Lan Controller Software May 6, 2026 Jun 26, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.
CVE-2015-4186 1Cisco 1Virtualization Experience Client 6000 Series Firmware May 6, 2026 Jun 17, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a...Show more The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412.Show less
CVE-2015-4183 1Cisco 1Unified Computing System May 6, 2026 Jun 17, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.
CVE-2015-2955 1Igreks 3Milkystep Light Milkystep ProfessionalMilkystep Professional Oem May 6, 2026 Jun 13, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2014-9284 1Buffalotech 7Bhr 4grv2 Firmware Wex 300 FirmwareWhr 1166dhp Firmware+4 more May 6, 2026 Jun 9, 2015 N/A· v4 N/A· v3 7.7 HIGH· v2 The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers al...Show more The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.Show less
CVE-2014-9727 1Avm 1Fritzbox May 6, 2026 May 29, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
CVE-2015-2845 1Goautodial 1Goadmin Ce May 6, 2026 May 12, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
CVE-2015-2844 1Goautodial 1Goadmin Ce May 6, 2026 May 12, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
CVE-2015-0691 1Cisco 1Secure Desktop May 6, 2026 Apr 17, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
CVE-2015-1388 1Arubanetworks 1Arubaos May 6, 2026 Mar 24, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via un...Show more The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.Show less
CVE-2015-0525 1Emc 1Secure Remote Services May 6, 2026 Mar 12, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2015-0977 1Network Vision 1Intravue May 6, 2026 Feb 27, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2014-7269 1Asus 10Rt Ac56s Rt Ac56s FirmwareRt Ac68u+7 more May 6, 2026 Feb 1, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmw...Show more ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.Show less
CVE-2013-6041 1Softaculous 1Webuzo May 6, 2026 Dec 27, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.

Previous 1...285286287...295 Next