CVE-2025-65076 Arbitrary File Read and Delete via Path Traversal in WaveStore Server

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete any file on the server using path traversal in the ilog script. This script is being run with root...

WaveStore Server 操作系统命令注入漏洞

WaveStore Server is a video surveillance recording and storage server software from WaveStore UK. WaveStore Server suffers from an operating system command injection vulnerability that stems from path traversal in the showerr script, which could lead to the execution of arbitrary OS commands...