
599 matches found

RedHat Linux
added 2020/12/07 11:54 a.m. · 3 views

net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs because SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS · 6.9 AI score · 0.00118 EPSS
Exploits 0 · References 4
CNNVD
added 2020/11/24 12:0 a.m. · 5 views

Liquidfiles Cross-Site Scripting Vulnerability

LiquidFiles is a virtual appliance that helps companies and organizations send, receive and share large files quickly and securely. A cross-site scripting vulnerability exists in the "Share" feature of LiquidFiles prior to version 3.3.19, which can be exploited by an attacker to execute commands ...

9 CVSS · 7.1 AI score · 0.00645 EPSS
Exploits 1 · References 3
0day.today
added 2020/11/24 12:0 a.m. · 199 views

ZeroShell 3.9.0 - (cgi-bin/kerbynet) Remote Root Command Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

10 CVSS · 9.6 AI score · 0.94178 EPSS
Exploits 11
RedHat Linux
added 2020/11/17 8:38 p.m. · 1 views

net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs because SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS · 6.9 AI score · 0.00118 EPSS
Exploits 0 · References 4
OSV
added 2020/09/09 5:15 p.m. · 1 views

CVE-2020-2037

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1...

7.2 CVSS · 7.3 AI score · 0.00993 EPSS
Exploits 0 · References 1
CNVD
added 2020/08/31 12:0 a.m. · 1 views

Red Lion N-Tron 702-W/702M12-W Unspecified Interface Vulnerability

The Red Lion N-Tron 702-W/702M12-W is a high voltage Ethernet switch product. An undocumented interface vulnerability exists in the Red Lion N-Tron 702-W/702M12-W, which can be exploited by an attacker to submit a special request to execute arbitrary commands with ROOT privileges...

10 CVSS · 7.6 AI score · 0.03238 EPSS
Exploits 2 · References 1
Prion
added 2020/08/25 2:15 p.m. · 28 views

Hardcoded credentials

GateManager versions prior to 9.2c: the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root...

10 CVSS · 9.6 AI score · 0.00475 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2020/07/29 7:15 p.m. · 1 views

CVE-2020-5760

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message...

7.8 CVSS · 7.3 AI score
Exploits 0 · References 2
OSV
added 2020/07/17 9:15 p.m. · 1 views

CVE-2020-5757

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API...

9.8 CVSS · 7.5 AI score · 0.22478 EPSS
Exploits 0 · References 2
Positive Technologies
added 2020/07/17 12:0 a.m. · 2 views

PT-2020-5249 · Net Snmp +5 · Net-Snmp +5

Name of the Vulnerable Software and Affected Versions: Net-SNMP versions prior to 5.8 Description: The issue is related to improper privilege management in the Net-SNMP software. It allows SNMP WRITE access to the EXTEND MIB, which can be exploited to run arbitrary commands as root. This could...

9.6 CVSS · 7.2 AI score · 0.07337 EPSS
Exploits 3 · References 129
OSV
added 2020/06/18 3:15 a.m. · 1 views

CVE-2020-3277

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected...

7.2 CVSS · 7.4 AI score
Exploits 0 · References 1
OSV
added 2020/06/03 6:15 p.m. · 0 views

CVE-2020-3212

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this...

7.2 CVSS · 6.1 AI score
Exploits 0 · References 1
Tenable Nessus
added 2020/05/07 12:0 a.m. · 61 views

SaltStack < 2019.2.4 / 3000.x < 3000.2 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is prior to 2019.2.4, 3000.x prior to 3000.2. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass vulnerability exists in the ClearFuncs class due to improper...

9.8 CVSS · 8.2 AI score · 0.94234 EPSS
Exploits 24 · References 3
OSV
added 2020/03/23 8:15 p.m. · 0 views

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

9.8 CVSS · 7.5 AI score · 0.92735 EPSS
Exploits 8 · References 4
OSV
added 2020/03/18 10:15 p.m. · 1 views

CVE-2020-9423

LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 1
OSV
added 2020/03/12 9:15 p.m. · 0 views

CVE-2019-11355

An issue was discovered in Poly formerly Polycom HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By...

7.2 CVSS · 5.8 AI score
Exploits 0 · References 1
Japan Vulnerability Notes
added 2020/03/03 8:50 a.m. · 3 views

Multiple vulnerabilities in OpenBlocks IoT VX2

Overview OpenBlocks IoT VX2 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities. Masahiro Murashima and Genta Kataoka of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.8 CVSS · 7.3 AI score · 0.00499 EPSS
Exploits 0 · References 8
CNVD
added 2020/02/28 12:0 a.m. · 3 views

Cisco Firepower 4100 Series and Firepower 9300 Security Appliances FXOS Software Operating System Command Injection Vulnerability (CNVD-2020-14817)

The Cisco Firepower 4100 Series and the Cisco Firepower 9300 Security Appliance are both products of Cisco Corporation. The Cisco Firepower 9300 Security Appliance is a 9300 Series security appliance. The Cisco FXOS Software is a set of firewall software that runs in the Cisco Security Appliance. Th...

7.2 CVSS · 7.9 AI score · 0.00146 EPSS
Exploits 0 · References 1
Positive Technologies
added 2020/02/26 12:0 a.m. · 4 views

PT-2020-1990 · Cisco +1 · Cisco Fxos +1

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software affected versions not specified Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a...

7.2 CVSS · 6.8 AI score · 0.00146 EPSS
Exploits 0 · References 5
Cvelist
added 2020/02/24 6:16 p.m. · 11 views

CVE-2019-12511 Root Command Injection via MAC Address in SOAP API

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

10 AI score · 0.00431 EPSS
Exploits 1 · References 1