CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

EUVD-2025-209988

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX Host contains an operating system command injection vulnerability. This...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...

PT-2026-44817

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

EUVD-2019-19330

Malware in sbrugna...

EUVD-2021-25647

Malware in sbrugna...

CVE-2021-20120

The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes such as changing the administrative password without the consent of the user...

CVE-2023-46319

WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface...

Cross site scripting

A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack...

CVE-2021-39285

A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack...

Grandstream GRP261x VoIP phone 命令注入漏洞

The Grandstream GRP261x VoIP phone is an IP phone from Grandstream USA. A carrier-grade IP phone designed for large-scale deployments. A command injection vulnerability exists in the Grandstream GRP261x VoIP phone running firmware version 1.0.3.6, which allows commands to be injected into its...

CVE-2019-1888 Cisco Unified Contact Center Express Privilege Escalation Vulnerability

A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...

CVE-2019-1888 Cisco Unified Contact Center Express Privilege Escalation Vulnerability

A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...

Cisco Unified Contact Center Express Privilege Escalation Vulnerability

A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...

Design/Logic Flaw

The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users...

CVE-2019-9976

The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users...

CVE-2018-4019

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...

CVE-2018-4019

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...