Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,947)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-6235 1Vim 1Vim Apr 23, 2026 Feb 21, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as...Show more The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.Show less
CVE-2008-3076 1Vim 1Vim Apr 23, 2026 Feb 21, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc comman...Show more The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.Show less
CVE-2008-3074 1Vim 2Tar.vim Vim Apr 23, 2026 Feb 21, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and po...Show more The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.Show less
CVE-2008-5516 2Git Git Scm 2Git Git Apr 23, 2026 Jan 20, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.
CVE-2008-5718 1Netatalk 1Netatalk Apr 23, 2026 Dec 26, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as dem...Show more The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.Show less
CVE-2008-4304 1Phpcollab 1Phpcollab Apr 23, 2026 Dec 23, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some en...Show more general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells.Show less
CVE-2008-4636 1Suse 1Yast2 Backup Apr 23, 2026 Nov 27, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
CVE-2008-4796 4Debian NagiosSnoopy Project+1 more 4Debian Linux NagiosSnoopy+1 more Apr 23, 2026 Oct 30, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remot...Show more The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.Show less
CVE-2008-2575 2Fedoraproject Jcoppens 2Cbrpager Fedora Apr 23, 2026 Jun 6, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
CVE-2008-1115 1Sun 1Solaris Apr 23, 2026 Mar 3, 2008 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
CVE-2007-5653 1Php 1Php Apr 23, 2026 Oct 23, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by exe...Show more The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.Show less
CVE-2007-5322 1Microsoft 1Visual Foxpro Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.
CVE-2007-4673 1Apple 1Quicktime Apr 23, 2026 Oct 4, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be rel...Show more Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.Show less
CVE-2007-4891 1Microsoft 1Visual Studio Apr 23, 2026 Sep 14, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile method...Show more A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.Show less
CVE-2007-4560 1Clam Anti Virus 1Clamav Apr 23, 2026 Aug 28, 2007 N/A· v4 N/A· v3 7.6 HIGH· v2 clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of...Show more clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."Show less
CVE-2007-4041 2Microsoft Mozilla 2Firefox Internet Explorer Apr 23, 2026 Jul 27, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news,...Show more Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.Show less
CVE-2006-6427 1Xerox 1Workcentre Apr 23, 2026 Dec 10, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors i...Show more The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.Show less
CVE-2006-0325 1Etomite 1Etomite Apr 16, 2026 Jan 20, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attacke...Show more Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter.Show less
CVE-2005-2368 1Vim Development Group 1Vim Apr 16, 2026 Jul 26, 2005 N/A· v4 N/A· v3 9.3 HIGH· v2 vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculati...Show more vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.Show less
CVE-2004-2732 1Netbilling 1Netbilling Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 4.3 MEDIUM· v2 nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key.

Previous 1...294 295 296297298 Next