
19611 matches found

NVD
added 2025/08/27 10:15 p.m. · 3 views

CVE-2025-34160

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

CVSS 10 · EPSS 0.00759
Exploits 0 · References 5
OSV
added 2025/08/27 10:15 p.m. · 2 views

CVE-2024-13980

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 · AI score 6.1 · EPSS 0.01176
Exploits 0 · References 6
NVD
added 2025/08/27 10:15 p.m. · 4 views

CVE-2024-13980

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 · EPSS 0.01176
Exploits 0 · References 6
NVD
added 2025/08/27 10:15 p.m. · 4 views

CVE-2024-13985

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

CVSS 10 · EPSS 0.07651
Exploits 0 · References 8
NVD
added 2025/08/27 10:15 p.m. · 5 views

CVE-2018-25115

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...

CVSS 10 · EPSS 0.08674
Exploits 1 · References 5
Cvelist
added 2025/08/27 9:25 p.m. · 9 views

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 · EPSS 0.01176
Exploits 0 · References 6
Vulnrichment
added 2025/08/27 9:25 p.m. · 4 views

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 · AI score 7.1 · EPSS 0.01176
Exploits 0 · References 6
CVE
added 2025/08/27 9:25 p.m. · 18 views

CVE-2024-13980

CVE-2024-13980 affects H3C Intelligent Management Center (IMC) /byod/index.xhtml. The root cause is improper handling of JSF ViewState, allowing unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters and potentially achieve arbitrary command execution. Explo...

CVSS 10 · AI score 7.1 · EPSS 0.01176
Exploits 0 · References 6
ATTACKERKB
added 2025/08/27 9:24 p.m. · 3 views

CVE-2018-25115

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...

CVSS 10 · AI score 6.2 · EPSS 0.08674
Exploits 1 · References 5 · Affected Software 1
Cvelist
added 2025/08/27 9:24 p.m. · 7 views

CVE-2018-25115 D-Link DIR-110/412/600/615/645/815 RCE via service.cgi

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...

CVSS 10 · EPSS 0.08674
Exploits 1 · References 5
Vulnrichment
added 2025/08/27 9:23 p.m. · 5 views

CVE-2024-13985 Dahua EIMS capture_handle.action RCE

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

CVSS 10 · AI score 7.8 · EPSS 0.07651
Exploits 0 · References 8
Cvelist
added 2025/08/27 9:23 p.m. · 11 views

CVE-2024-13985 Dahua EIMS capture_handle.action RCE

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

CVSS 10 · EPSS 0.07651
Exploits 0 · References 8
CVE
added 2025/08/27 9:23 p.m. · 24 views

CVE-2024-13985

CVE-2024-13985 – Dahua EIMS : A command injection flaw affects Dahua EIMS versions prior to 2240008. The issue stems from improper input validation of the captureCommand parameter in the capture_handle.action API, allowing unauthenticated remote attackers to inject OS commands and potentially ful...

CVSS 10 · AI score 7.8 · EPSS 0.07651
In wild · Exploits 0 · References 8
NVD
added 2025/08/27 2:15 p.m. · 3 views

CVE-2025-9528

A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

CVSS 7.2 · EPSS 0.50053
Exploits 1 · References 6
Vulnrichment
added 2025/08/27 1:2 p.m. · 3 views

CVE-2025-9528 Linksys E1700 systemCommand os command injection

A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

CVSS 5.8 · AI score 7.5 · EPSS 0.50053
Exploits 1 · References 6
CVE
added 2025/08/27 1:2 p.m. · 18 views

CVE-2025-9528

CVE-2025-9528 affects Linksys E1700 router (version 1.0.0.4.003). The vulnerability targets the function systemCommand in /goform/systemCommand; manipulating the command argument can cause an OS command injection. The attack can be launched remotely, and exploitation has been publicly disclosed. ...

CVSS 7.2 · AI score 5.1 · EPSS 0.50053
In wild · Exploits 1 · References 6 · Affected Software 1
Positive Technologies
added 2025/08/27 12:0 a.m. · 6 views

PT-2025-34939 · H3C · H3C Intelligent Management Center

Name of the Vulnerable Software and Affected Versions: H3C Intelligent Management Center IMC versions up to and including E0632H07 Description: H3C Intelligent Management Center IMC contains a remote command execution issue in the /byod/index.xhtml endpoint. Improper handling of the...

CVSS 10 · AI score 7.5 · EPSS 0.01176
Exploits 0 · References 9
CNNVD
added 2025/08/27 12:0 a.m. · 3 views

H3C Intelligent Management Center Security Vulnerability

H3C Intelligent Management Center is an integrated network management software platform from China's Xinhua San H3C. A security vulnerability exists in H3C Intelligent Management Center E0632H07 and prior versions, which stems from improper handling of JSF ViewState and could lead to remote comma...

CVSS 10 · AI score 7.1 · EPSS 0.01176
Exploits 0 · References 7
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-7110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execut...

CVSS 6.4 · AI score 6.1 · EPSS 0.00338
Exploits 0 · References 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-13574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly...

CVSS 7.8 · AI score 7.6 · EPSS 0.07639
Exploits 1 · References 2