CVE-2020-5534
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...
CVE-2020-5524
Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, and Aterm WG2600HS firmware Ver1.3.2 and earlier allow an attacker on the same network segment to execute arbitrary OS commands with root privileges via the UPnP function...
CVE-2020-6760
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping...
CVE-2019-15711
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege by injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process...
PT-2020-6506
Name of the Vulnerable Software and Affected Versions: EyesOfNetwork version 5.3. Description: The issue is related to insufficient access control in the /etc/sudoers component of the EyesOfNetwork EON system and network monitoring tool. This can be exploited to escalate privileges, allowing an...
DrayTek Vigor Series Arbitrary Command Execution Vulnerability
The DrayTek Vigor300B is an enterprise-class router. The DrayTek Vigor300B cgi-bin/mainfunction.cgi URI fails to properly handle shell characters, which can be exploited by a remote attacker to submit a special request to execute arbitrary commands with root privileges...
CVE-2020-1605
A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved that is configured in relay mode is vulnerable to an attacker sending crafted IPv4 packets, who may then arbitrarily execute commands as root on the target device. This...
CVE-2020-1609
A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved that is configured in relay mode is vulnerable to an attacker sending crafted IPv6 packets, who may then arbitrarily execute commands as root on the target device. This...
CVE-2019-17621
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network...
PT-2019-4530 · D Link · D-Link Dir-895L/R +10
Name of the Vulnerable Software and Affected Versions: D-Link DIR-818Lx (versions not specified); D-Link DIR-822 (versions not specified); D-Link DIR-823 (versions not specified); D-Link DIR-859 (versions 1.05 through 1.06B01 Beta01); D-Link DIR-865L (versions not specified); D-Link DIR-868L versions not...
Unspecified vulnerability in ezmaster
ezmaster is a tool for managing Docker applications and instances. A security vulnerability exists in ezmaster that can be exploited by an attacker to execute commands as the root user...
CVE-2017-12945
Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root...
Cisco TelePresence Collaboration Endpoint Software Elevation of Privilege Vulnerability (CNVD-2019-37411)
Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint (CE) versions prior to 9.8.1 due to insufficient input validation. An attacker can exploit the vulnerability to execute commands with root privileges by...
USN-4154-1 sudo vulnerability
Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user...
CVE-2019-17509
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php...
CVE-2019-15027
The CVE-2019-15027 issue affects the MediaTek Embedded Multimedia Card (eMMC) subsystem on Android devices with MT65xx, MT66xx, and MT8163 SoCs. The root cause is in clear_emmc_nomedia_entry (platform/mt6577/external/meta/emmc/meta_clr_emmc.c), which invokes system("/system/bin/rm -r /data/" + a ...
CVE-2019-15027
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c...
CVE-2019-1783
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments...
CVE-2019-3925
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...
DEBIAN-CVE-2019-7304
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1...