113 matches found
CVE-2025-37127 Authenticated Replay Attack contains Cryptographic Vulnerability
A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially...
CVE-2025-9996
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...
CVE-2025-52548
E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...
CVE-2013-10069 D-Link Devices Unauthenticated RCE
The web interface of multiple D-Link routers, including DIR-600 rev B ≤2.14b01 and DIR-300 rev B ≤2.13, contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to...
CVE-2013-10050
An OS command injection vulnerability exists in multiple D-Link routers confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13 via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...
PT-2025-29911 · Maxkb · Maxkb
Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.0.0 Description: MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because the software only restricts the execution permissions of files in a...
CVE-2025-26412
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...
CVE-2019-1010151
zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php...
CVE-2024-11861
EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access...
CVE-2024-12442
EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access...
CVE-2024-12442 Command injection in EnerSys AMPA versions 24.04 through 24.16, inclusive
EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access...
CVE-2024-11861
The CVE-2024-11861 entry details a command-injection vulnerability in EnerSys AMPA 22.09 and earlier, enabling privileged remote shell access via vulnerable components. Affected software: EnerSys AMPA (versions ≤ 22.09). Root cause: command-injection flaw as described in multiple sources. Impact:...
CVE-2024-11861 Command injection in EnerSys AMPA 22.09 and prior versions
EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access...
PT-2025-20556 · Enersys · Enersys Ampa
Name of the Vulnerable Software and Affected Versions: EnerSys AMPA versions 24.04 through 24.16 Description: The issue allows for command injection, which can lead to privileged remote shell access. Recommendations: For EnerSys AMPA versions 24.04 through 24.16, update to a version that is not...
Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp
CVE-2025-32433 Remote Shell Go-based exploit for CVE-2025-3243...
CVE-2019-5162
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
MAL-2025-619 Malicious code in secure-toolbots (npm)
This package contains a multi-functional infostealer malware which establishes C2 via Discord, exfiltrating sensitive user data and files and providing remote shell access to an attacker. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...
MAL-2025-71 Malicious code in secure-toolkits (npm)
This package contains a multi-functional infostealer malware which establishes C2 via Discord, exfiltrating sensitive user data and files and providing remote shell access to an attacker. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...
CVE-2024-38877
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 Domain Controller R9.2 All versions, Omnivise T3000 Network Intrusion Detection System NIDS R9.2 All versions, Omnivise T3000 Product Data Management PDM R9.2 All versions, Omnivise T3000 R8...
PT-2024-10392
Name of the Vulnerable Software and Affected Versions Edimax AC1200 Wi-Fi 5 Dual-Band router BR-6476AC version 1.06 Description The issue is related to command injection problems in /bin/goahead, which can be triggered through API endpoints such as "/goform/tracerouteDiagnosis",...