CVE-2025-25039 Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager CPPM allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on...
CVE-2025-25039
The CVE-2025-25039 entry concerns Hewlett Packard Enterprise Aruba ClearPass Policy Manager (CPPM) by way of its web-based management interface. The vulnerability allows remote authenticated users to execute arbitrary commands on the underlying host, with the impact described as executing command...
Zyxel VMG4325-B10A Operating System Command Injection Vulnerability
The Zyxel VMG4325-B10A is a modem from China Heqin Zyxel. An operating system command injection vulnerability exists in the Zyxel VMG4325-B10A version 1.00AAFR.4C020170615. An attacker could exploit this vulnerability to execute operating system (OS) commands...
A vulnerability in the setVpnAccountCfg() function (/web/cgi-bin/cstecgi.cgi) of the TOTOLINK X5000R router’s firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setVpnAccountCfg function (/web/cgi-bin/cstecgi.cgi) of the TOTOLINK X5000R router’s firmware stems from a failure to neutralize special elements used in an operating system command when handling the desc parameter...
A vulnerability in the setVpnAccountCfg() function (located in web/cgi-bin/cstecgi.cgi) of the TOTOLINK X5000R router’s firmware allows a malicious actor to execute arbitrary commands.
The vulnerability in the setVpnAccountCfg function (located at web/cgi-bin/cstecgi.cgi) of the TOTOLINK X5000R router’s firmware stems from a failure to neutralize special elements used in an operating system command when handling the pass parameter. Exploiting th...
A vulnerability in the setVpnAccountCfg() function (/web/cgi-bin/cstecgi.cgi) of the TOTOLINK X5000R router’s firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setVpnAccountCfg function (/web/cgi-bin/cstecgi.cgi) of the TOTOLINK X5000R router’s firmware stems from a failure to neutralize special elements used in an operating system command when handling the user parameter. Exploiting this vulnerability...
Advantive VeraCore Security Vulnerability
Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore version 2025.1.0 and earlier, which stems from the presence of an SQL injection in timeoutWarning.asp that allows remote attackers to execute arbitrary SQL...
PT-2025-5620 · Advantive · Veracore
Name of the Vulnerable Software and Affected Versions: Advantive VeraCore versions through 2025.1.0 Description: A SQL injection vulnerability in timeoutWarning.asp allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. This issue is being actively exploited. The...
CVE-2024-52875
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response...
CVE-2024-52875
Kerio Control (GFI) versions 9.2.5–9.4.5 are affected by a CRLF/HTTP response splitting vulnerability that abuses the dest parameter in GET requests to generate a Location header in a 302 response, enabling Open Redirect and HTTP Response Splitting, which can lead to reflected XSS. The issue affe...
CVE-2025-24505
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file...
CVE-2025-24505
Technical details about CVE-2025-24505, including affected products, versions, root cause, and fixes, are not publicly available in the provided connected documents. Monitor for updates.
A vulnerability in the web interface of the firmware for EDIMAX BR-6476AC routers allows a hacker to escalate their privileges and execute arbitrary commands.
The vulnerability in the web interface of the EDIMAX BR-6476AC router firmware is related to the lack of data sanitization measures at the management level. Exploiting this vulnerability can allow a malicious actor to escalate their privileges and execute arbitrary commands...
PT-2025-5377 · Unknown · Symantec Privileged Access Management
Name of the Vulnerable Software and Affected Versions: Privileged Access Management System affected versions not specified Description: This issue allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrad...
CVE-2025-0798
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The...