14 matches found
EUVD-2026-36389
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...
EUVD-2014-3221
Malware in sbrugna...
CVE-2025-53927
MaxKB before 2.0.0 has a sandbox bypass where the security design restricts only a specific directory’s execution permissions. An attacker can abuse Python’s shutil.copy2 to copy a command into the executable directory, bypassing the directory restrictions and enabling a reverse shell. Affected p...
CVE-2025-53927 MaxKB sandbox bypass
MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...
CVE-2025-25504
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC In AV over IP products v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges...
CVE-2022-47531
An issue was discovered in Ericsson Evolved Packet Gateway EPG versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell...
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA has published four Industrial Control Systems ICS advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that...
Ericsson Evolved Packet Gateway 安全漏洞
Ericsson Evolved Packet Gateway is a multifunctional gateway for mobile communications from Ericsson, Sweden. A security vulnerability exists in Ericsson Evolved Packet Gateway that stems from a lack of input validation. The vulnerability can be exploited to bypass the system CLI and execute...
CVE-2021-31357
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...
CVE-2016-9016
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call...
wemux -- read-only can be bypassed
JonApps reports: The read-only mode can be bypassed and any command sent to bash session...
DEBIAN-CVE-2012-0920
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...
Cisco IOS Command EXEC Unspecified Vulnerability
An unspecified vulnerability in Command EXEC allows local users to bypass command restrictions and obtain sensitive information via an unspecified 'variation of an IOS command'. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17775; scriptversion"1.5";...
Command injection
usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command...