Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,963)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2001-1583 1Sun 1Sunos Apr 16, 2026 Dec 31, 2001 N/A· v4 N/A· v3 10.0 HIGH· v2 lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this mi...Show more lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.Show less
CVE-1999-0043 6Bsdi CalderaIsc+3 more 7Bsd Os Goah IntrasvGoah Networksv+4 more Apr 16, 2026 Dec 4, 1996 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
CVE-1999-0067 2Apache Ncsa 2Http Server Ncsa Httpd Apr 16, 2026 Mar 20, 1996 N/A· v4 N/A· v3 10.0 HIGH· v2 phf CGI program allows remote command execution through shell metacharacters.

Previous 1...295 296 297 298299