
303 matches found

RedHat Linux
added 2020/12/08 5:44 p.m. | views: 1

net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs because SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 7.8 | AI score 6.9 | EPSS 0.00379
Exploits: 0 | References: 4
Packet Storm
added 2020/11/24 12:0 a.m. | views: 1216

ZeroShell 3.9.0 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVSS 10 | AI score 0.3 | EPSS 0.89955
Exploits: 11
Exploit DB
added 2020/11/24 12:0 a.m. | views: 923

ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVSS 10 | AI score 9.8 | EPSS 0.89955
Exploits: 11
Citrix
added 2020/11/09 12:0 a.m. | views: 31

CVE-2016-6276 - Vulnerability in Citrix Linux VDA (formerly known as Linux Virtual Desktop) Could Result in Privilege Escalation

Description of Problem: A vulnerability has been identified in the Linux Virtual Delivery Agent (VDA) component of Citrix XenDesktop that could allow a local user to execute commands as root on the Linux VDA. The vulnerability affects all versions of the Citrix Linux VDA earlier than version 1.4.0...

CVSS 7.8 | AI score 7.9 | EPSS 0.00349
Exploits: 0
Prion
added 2020/10/27 7:15 p.m. | views: 24

Design/Logic Flaw

Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any...

CVSS 6.9 | AI score 6.9 | EPSS 0.04539
Exploits: 4 | References: 10 | Affected Software: 3
OSV
added 2020/10/06 6:15 a.m. | views: 2

CVE-2020-5634

ELECOM LAN routers WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10 allow an attacker on the same network segment to execute arbitrary OS commands with a...

CVSS 8.8 | AI score 7.6 | EPSS 0.00607
Exploits: 0 | References: 2
NVD
added 2020/09/24 6:15 p.m. | views: 17

CVE-2020-3403

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the...

CVSS 7.8 | EPSS 0.00376
Exploits: 0 | References: 1
OSV
added 2020/09/09 5:15 p.m. | views: 2

CVE-2020-2038

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlie...

CVSS 7.2 | AI score 7.3 | EPSS 0.86086
Exploits: 7 | References: 3
NVD
added 2020/08/25 2:15 p.m. | views: 19

CVE-2020-14510

GateManager versions prior to 9.2c: the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root...

CVSS 10 | AI score 9.7 | EPSS 0.02487
Exploits: 0 | References: 1
OSV
added 2020/08/20 1:17 a.m. | views: 1

DEBIAN-CVE-2020-15862

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root...

CVSS 7.8 | AI score 7 | EPSS 0.00379
Exploits: 0 | References: 1
IBM Security Bulletins
added 2020/08/17 1:17 p.m. | views: 19

Security Bulletin: IBM Elastic Storage Server is affected by a vulnerability where an unprivileged user could execute commands as root (CVE-2020-4273)

Summary: A security vulnerability has been identified in all levels of IBM Elastic Storage Server that could allow an unprivileged user to execute commands as root. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2020-4273 DESCRIPTION: IBM Spectrum Scale 4.2 and 5.0 coul...

CVSS 7.8 | AI score 1.4 | EPSS 0.00384
Exploits: 0 | Affected Software: 1
BDU FSTEC
added 2020/08/12 12:0 a.m. | views: 6

The vulnerability in the web interface of the operating system PAN-OS allows a perpetrator to execute arbitrary commands on the operating system with root privileges.

The vulnerability in the web interface of the operating system PAN-OS exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary operating system...

CVSS 9 | AI score 7.5 | EPSS 0.01768
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2020/07/21 12:0 a.m. | views: 2

Grandstream UCM6200 Series OS Command Injection Vulnerability (CNVD-2020-44351)

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An OS command injection vulnerability exists in the Grandstream UCM6200 series versions 1.0.20.23 and earlier. A remote authenticated attacker can exploit this vulnerability by sending a...

CVSS 10 | AI score 7.9 | EPSS 0.06926
Exploits: 0 | References: 1
OSV
added 2020/03/04 2:15 a.m. | views: 2

CVE-2020-5535

OpenBlocks IoT VX2 prior to Ver.4.0.0 Ver.3 Series allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...

CVSS 8.8 | AI score 6 | EPSS 0.00855
Exploits: 0 | References: 2
NVD
added 2020/02/24 7:15 p.m. | views: 12

CVE-2019-12511

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

CVSS 9.8 | AI score 10 | EPSS 0.02267
Exploits: 1 | References: 1
OSV
added 2020/02/21 10:15 a.m. | views: 3

CVE-2020-5525

Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen...

CVSS 8 | AI score 7.5 | EPSS 0.0087
Exploits: 0 | References: 2
BDU FSTEC
added 2020/02/11 12:0 a.m. | views: 3

The vulnerability of the Junos Dynamic Host Configuration Protocol Daemon (JDHCPD) in the operating system allows an attacker to execute arbitrary commands with root privileges.

The vulnerability of the Junos Dynamic Host Configuration Protocol Daemon JDHCPD operating system is related to the failure to eliminate special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root...

CVSS 7.1 | AI score 7.9 | EPSS 0.00787
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2020/02/09 12:0 a.m. | views: 2

Netis WF2419 Remote Code Execution Vulnerability

The Netis WF2419 is a 300Mbps wireless router. A remote code execution vulnerability exists in Netis WF2419 1.2.31805, 2.2.36123. The vulnerability stems from a lack of validation of user input. An authenticated attacker can exploit this vulnerability to execute system commands as root via a web...

CVSS 8.5 | AI score 8.4 | EPSS 0.27962
Exploits: 6 | References: 1
OSV
added 2020/02/07 12:15 a.m. | views: 12

CVE-2020-8655

An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7...

CVSS 7.8 | AI score 7.2 | EPSS 0.57258
Exploits: 9 | References: 4
OSV
added 2019/12/26 4:15 p.m. | views: 2

CVE-2019-19681

Pandora FMS 7.x suffers from a remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual...

CVSS 8.8 | AI score 7.8 | EPSS 0.04564
Exploits: 0 | References: 3