CWE-78: OS Command Injection
5,510 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-78 (page 9 of 111)
- CVE-2018-11166 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).
- CVE-2018-11167 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).
- CVE-2018-11168 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).
- CVE-2018-11169 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).
- CVE-2018-11170 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).
- CVE-2018-11171 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).
- CVE-2018-11172 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).
- CVE-2018-11173 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46).
- CVE-2018-11174 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46).
- CVE-2018-11175 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).
- CVE-2018-11176 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).
- CVE-2018-11177 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).
- CVE-2018-11178 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).
- CVE-2018-11179 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).
- CVE-2018-11180 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).
- CVE-2018-11181 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).
- CVE-2018-11182 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).
- CVE-2018-11183 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).
- CVE-2018-11184 | HIGH | CVSS 7.2 | EG 7.2 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).
- CVE-2018-11185 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).
- CVE-2018-11186 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).
- CVE-2018-11187 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
- CVE-2018-11188 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).
- CVE-2018-11189 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).
- CVE-2018-11215 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-07-03
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
- CVE-2018-11229 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-06-08
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
- CVE-2018-1143 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-19
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.
- CVE-2018-1144 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-19
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
- CVE-2018-11510 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-06-28
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
- CVE-2018-11616 | HIGH | CVSS 8.8 | EG 8.8 | 2018-08-30
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ope…
- CVE-2018-1167 | HIGH | CVSS 8.8 | EG 8.8 | 2018-04-19
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. User interaction is required to exploit this vulnerability in that the target must visit a malicious page …
- CVE-2018-1169 | HIGH | CVSS 8.8 | EG 8.8 | 2018-03-02
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o…
- CVE-2018-11805 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-12-12
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend…
- CVE-2018-1184 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-02-03
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a maliciou…
- CVE-2018-1185 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-02-03
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious …
- CVE-2018-12237 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-24
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with el…
- CVE-2018-12268 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-06-13
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.
- CVE-2018-12307 | HIGH | CVSS 8.8 | EG 8.8 | 2018-12-04
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
- CVE-2018-12312 | HIGH | CVSS 8.8 | EG 8.8 | 2018-12-04
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
- CVE-2018-12313 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-12-04
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
- CVE-2018-12316 | HIGH | CVSS 8.8 | EG 8.8 | 2018-12-04
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
- CVE-2018-12317 | HIGH | CVSS 8.8 | EG 8.8 | 2018-12-04
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.
- CVE-2018-1235 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-05-29
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary…
- CVE-2018-1238 | HIGH | CVSS 7.5 | EG 7.5 | 2018-03-27
Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A rem…
- CVE-2018-1239 | HIGH | CVSS 7.2 | EG 7.2 | 2018-05-08
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary …
- CVE-2018-1242 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-05-29
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploi…
- CVE-2018-12465 | CRITICAL | CVSS 9.1 | EG 7.2 | 2018-06-29
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This ca…
- CVE-2018-12483 | HIGH | CVSS 8.8 | EG 8.8 | 2018-08-04
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. …
- CVE-2018-12577 | HIGH | CVSS 8.8 | EG 8.8 | 2018-07-02
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.
- CVE-2018-12591 | HIGH | CVSS 7.2 | EG 7.2 | 2018-06-20
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators …