Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,947)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-1885 1Microsoft 3Windows 2003 Server Windows Server 2003Windows Xp Apr 29, 2026 Jun 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass th...Show more The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."Show less
CVE-2010-1423 1Oracle 2Jdk Jre Apr 29, 2026 Apr 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attac...Show more Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.Show less
CVE-2010-1132 1Georg Greve 1Spamassassin Milter Plugin Apr 29, 2026 Mar 27, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO fiel...Show more The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.Show less
CVE-2010-0418 1Chumby 2Chumby Classic Chumby One Apr 29, 2026 Mar 10, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
CVE-2010-0934 1Perforce 1Perforce Server Apr 29, 2026 Mar 5, 2010 N/A· v4 N/A· v3 7.1 HIGH· v2 The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in t...Show more The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.Show less
CVE-2009-4644 1Accellion 1Secure File Transfer Appliance Apr 29, 2026 Feb 19, 2010 N/A· v4 N/A· v3 9.0 HIGH· v2 Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrat...Show more Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.Show less
CVE-2009-4498 1Zabbix 1Zabbix Apr 23, 2026 Dec 31, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
CVE-2009-4025 1Pear 1Pear Apr 23, 2026 Nov 29, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE...Show more Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information.Show less
CVE-2009-3233 1Cameron Morland 1Changetrack Apr 23, 2026 Sep 17, 2009 N/A· v4 N/A· v3 7.2 HIGH· v2 changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.
CVE-2008-7158 1Numarasoftware 1Footprints Apr 23, 2026 Sep 2, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to...Show more Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.Show less
CVE-2008-7125 1Ariadne Cms 1Ariadne Cms Apr 23, 2026 Aug 31, 2009 N/A· v4 N/A· v3 9.0 HIGH· v2 pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are o...Show more pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information.Show less
CVE-2009-2288 1Nagios 1Nagios Apr 23, 2026 Jul 1, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
CVE-2009-2011 1Dxstudio 1Dx Studio Player Apr 23, 2026 Jun 16, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allow...Show more Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.Show less
CVE-2008-2475 1Ebay 1Enhanced Picture Uploader Activex Control Apr 23, 2026 Jun 9, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.
CVE-2009-1916 1Gscripts 1Dns Tools Apr 23, 2026 Jun 4, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.
CVE-2009-1792 1Stonetrip 2S3dplayer Standalone S3dplayer Web Apr 23, 2026 May 29, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell me...Show more The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).Show less
CVE-2008-6669 1Dirk Bartley 1Nweb2fax Apr 23, 2026 Apr 8, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
CVE-2008-6554 1Aztech 1Adsl2/2+4 Port Router Apr 23, 2026 Mar 30, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
CVE-2009-0854 1Dash 1Dash Apr 23, 2026 Mar 11, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.
CVE-2009-0848 1Opensuse 1Opensuse Apr 23, 2026 Mar 11, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."

Previous 1...294 295296297 298 Next