CVE-2010-20059 FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitization...
iXsystems FreeNAS Security Vulnerability
iXsystems FreeNAS is an open source storage operating system from iXsystems Inc. in the United States. A security vulnerability exists in iXsystems FreeNAS version 0.7.2, which originates from a web interface that contains an unauthenticated command execution backdoor that could lead to...
Tenda AC20 Command Injection Vulnerability
The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a command injection vulnerability that originates from the websFormDefine function in the /goform/telnet file failing to properly filter the special characters and commands used to construct a command. This...
CVE-2025-55294
The CVE-2025-55294 issue affects the screenshot-desktop package. The vulnerability stems from the format option in the Snapshot function, where user-controlled input is interpolated into a shell command without sanitization, enabling arbitrary command execution with the caller’s privileges. Repor...
iDempiere WebUI 12.0.0.202508171158 CSV Injection
A CSV injection vulnerability exists in iDempiere WebUI version 12.0.0.202508171158. The application fails to properly sanitize user-supplied input before including it in exported CSV files. An authenticated attacker ca...
Linux Distros Unpatched Vulnerability : CVE-2017-16042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2025-1138)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1138 advisory. Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary files when opening specially craft...
Huawei EnzoH OS Command Injection Vulnerability
Huawei EnzoH is a wireless access device from Huawei China. Huawei EnzoH suffers from an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary command execution...
Security Updates for Microsoft Visio Products C2R (August 2025)
The Microsoft Visio Products are missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instea...
Cisco Secure Firewall Management Center Injection Vulnerability
Cisco Secure Firewall Management Center is a powerful network security management tool from Cisco. An injection vulnerability exists in Cisco Secure Firewall Management Center that stems from improper handling of input during the RADIUS authentication phase, which could lead to the execution of...
Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense OS Command Injection Vulnerability
Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense are both products of Cisco Corporation. Cisco Secure Firewall Management Center is a powerful network security management tool. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco Secure Firewall Management Center and Cisco...
Cisco Secure Firewall Management Center Command Injection Vulnerability
Cisco Secure Firewall Management Center is a powerful network security management tool from Cisco. A command injection vulnerability exists in Cisco Secure Firewall Management Center that stems from insufficient validation of HTTP request parameters and could lead to the execution of arbitrary...
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense Security Vulnerability
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are both products of Cisco, Inc. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-class firewall software. Cisco Secure Firewall Threat Defense is an integrate...
PT-2025-33326 · Cisco · Cisco Secure Firewall Threat Defense (Ftd) +1
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified). Description: A flaw in Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cis...
CVE-2025-43989
The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...
CVE-2025-47857
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability (CWE-78) in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands...
Malicious code in tensorflowjs (npm)
Package is malicious due to code obfuscation, arbitrary command execution via child_process.spawn, and suspicious postinstall script.
MAL-2025-6829 Malicious code in tensorflowjs (npm)
Package is malicious due to code obfuscation, arbitrary command execution via child_process.spawn, and suspicious postinstall script.
GO-2025-3834 1Panel agent certificate verification bypass leading to arbitrary command execution in github.com/1Panel-dev/1Panel/core
1Panel agent certificate verification bypass leading to arbitrary command execution in github.com/1Panel-dev/1Panel/core. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
Dell PowerProtect Data Domain Operating System Command Injection Vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to execute arbitrary commands...