450 matches found
CVE-2017-8020
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server...
VulnCheck KEV: CVE-2024-12847
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild...
The vulnerability of the Screensavercc component in the eLux RP operating system allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the Screensavercc component in the eLux RP operating system is related to the lack of measures to protect input data. Exploiting this vulnerability allows a malicious actor to bypass configuration restrictions and execute arbitrary commands with root privileges by inserting...
The vulnerability of the bpserverd protocol used by Unitrends Backup software allows a perpetrator to bypass authentication procedures or execute arbitrary commands with root privileges.
The vulnerability of the bpserverd protocol used by Unitrends Backup software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process or execute arbitrary commands with root privileges, using the xinetd...
Trend Micro Deep Discovery Director Hard-Coded Archive File Password Vulnerability
Trend Micro Deep Discovery is a protection product from Trend Micro that detects and identifies hard-to-find threats in real time and proposes solutions. director is one of the built-in solutions with the ability to update and upgrade various programs in Deep Discovery. A security vulnerability...
Cisco IOS XR Local Elevation of Privilege Vulnerability
Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. An elevation of privilege vulnerability exists in Cisco IOS XR that allows a local user to execute arbitrary operating system commands as root by leveraging administrator privileges...
EMC VNX2 OE for File and VNX1 OE for File Local Elevation of Privilege Vulnerability
The EMC VNX2 OE for File and VNX1 OE for File are file storage devices from EMC Corporation USA. A security vulnerability exists in EMC VNX2 OE for File and VNX1 OE for File, which can be exploited by a local attacker to submit a special request to execute arbitrary commands with root privileges...
CVE-2017-8116
The management interface for the Teltonika RUT9XX routers aka LuCI with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request...
Remote Command Injection Vulnerability at Foscam camera Add User
FOSCAM Group is a national high-tech enterprise specializing in the design, research and development, manufacturing and sales of network cameras, network video recorders and other products. Remote command injection vulnerability exists in the usrName parameter of the CGIProxy.fcgi addAccount...
Design/Logic Flaw
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root...
CVE-2017-8859
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root...
GPG Suite Arbitrary Command Execution Vulnerability
GPG Suite is an iOS-based encryption and decryption suite for communication security. A security vulnerability exists in the 'installPackage' function of the installerHelper subcomponent in versions of GPG Suite prior to 2015.06. A local attacker can exploit the vulnerability to execute arbitrary...
Authentication Command Injection Vulnerability in PwdGrp.cgi for AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An authentication command injection vulnerability exists in AVTECH device PwdGrp.cgi. The PwdGrp.cgi script can be used to...
CVE-2016-4965
Fortinet FortiWan formerly AscernLink before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosiscontrol.php...
Bihu's uRouter Wireless Router Has Multiple Vulnerabilities
Bihu uRouter Wireless Router is an enterprise-grade intelligent routing product manufactured and marketed by Bihu Technology in China. Multiple vulnerabilities exist in the Bihu uRouter. An unauthenticated attacker can bypass the system authentication mechanism by providing a random SID cookie...
Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution
i? Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/hardwareproducts/icu-7000-2/ Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1....
F5 iControl - 'iCall::Script' Root Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'nokogiri' class Metasploit3 "http://schemas.xmlsoap.org/soap/encoding/" STRINGATTRS = 'xsi:type' = 'urn:Common.StringSequence',...
RSA Web Threat Detection Elevation of Privilege Vulnerability
RSA Web Threat Detection is a big data and security analytics solution. A security vulnerability exists in RSA Web Threat Detection that could be exploited by a local attacker to inject special commands into a configuration file to execute arbitrary system commands with ROOT privileges...
Watchguard XCS FixCorruptMail Local Privilege Escalation
This module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes. This module requires Metasploit: https://metasploit.com/download Current source:...
Red Hat OpenShift Enterprise Arbitrary Command Execution Vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications.OpenShift Enterprise is an open source version of the private cloud. A security vulnerability exists in Red Hat OpenShift Enterprise version 3.0.0.0 tha...