VulnCheck KEV: CVE-2025-34300
A template injection vulnerability exists in Sawtooth Software's Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...
CVE-2025-34300
A template injection vulnerability exists in Sawtooth Software's Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...
VulnCheck KEV: CVE-2017-17761
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote LAN unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a id command...
CVE-2020-7540
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command executio...
ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
Exploit Title: ABB Cylon Aspect 3.08.02 deployStart.php Unauthenticated Command Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable...
ZendTo Security Vulnerability
ZendTo is a web-based file transfer system from ZendTo, Inc. A security vulnerability exists in ZendTo versions from 5.24-3 up to, but not including, 6.10-7, which stems from the presence of shell metacharacters in the tmpname parameter, and could lead to the execution of arbitrary commands by an...
ABB Cylon Aspect 3.08.02 (deployStart.php) Unauthenticated Command Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticat...
Cleo LexiCom < 5.8.0.24 Unauthenticated Arbitrary Command Execution (CVE-2024-55956)
The version of Cleo LexiCom running on the remote host is prior to 5.8.0.24. It is, therefore, affected by an unauthenticated arbitrary command execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
PT-2024-6816 · Moxa · Moxa Nat-102 Oncell G4302-Lte4 +5
Name of the Vulnerable Software and Affected Versions: Moxa EDR-8010 (affected versions not specified); Moxa EDR-G9004 (affected versions not specified); Moxa EDR-G9010 (affected versions not specified); Moxa EDR-G1002-BP (affected versions not specified); Moxa NAT-102...
CVE-2024-45519
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. Recent assessments: ccondon-r7 at October 02, 2024 7:58pm UTC reported: This is one of a list o...
VulnCheck KEV: CVE-2024-34257
TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges...
VulnCheck KEV: CVE-2024-29895
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary commands on the server when the register_argc_argv option of PHP is On. In cmdrealtime.php line 119, the...
VulnCheck KEV: CVE-2024-23692
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request...
VulnCheck KEV: CVE-2023-41109
SmartNode SN200 aka SN200 3.21.2-23021 allows unauthenticated OS Command Injection...
KDDI HGW BL1500HM Security Vulnerability
The KDDI HGW BL1500HM is a home router from KDDI Japan. A security vulnerability exists in KDDI HGW BL1500HM 002.001.013 and earlier versions that originated from allowing an unauthenticated attacker to execute arbitrary commands...
CVE-2023-4474
The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...
VulnCheck KEV: CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1,...
CVE-2023-32619
Archer C50 firmware versions prior to 'Archer C50JPV3230505' and Archer C55 firmware versions prior to 'Archer C55JPV1230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command...
PT-2023-23914 · Tp Link · Archer C55 +1
Name of the Vulnerable Software and Affected Versions: Archer C50 versions prior to Archer C50JP V3 230505; Archer C55 versions prior to Archer C55JP V1 230506. Description: The affected devices use hard-coded credentials to login, which may allow a network-adjacent unauthenticated attacker to...
Wago Unauthenticated command execution via Web-based-management (CVE-2023-1698)
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. This plugin only works with Tenable.ot. Please visit...