397 matches found
CVE-2025-57198
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2025-57200
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the testmail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2025-57198
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2025-57200
The CVE-2025-57200 issue concerns AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003. Affected component: test_mail function, where an authenticated command injection flaw exists. Under the documented vector, an attacker with authenticated access can craft input to execute arbitrary ...
PT-2025-48819
Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection flaw in the NetFailDetectD binary. This allows attackers to execute arbitrary commands via a crafted input...
AVTech DGM1104 安全漏洞
AVTech DGM1104 is a network video recorder from AVTech Corporation of Taiwan, China. A security vulnerability exists in the AVTech DGM1104 FullImg-1015-1004-1006-1003 version, which originates from an authenticated command injection in the testmail function and could lead to the execution of...
CVE-2025-57200
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the testmail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2025-57199
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
PT-2025-48818
Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection issue in the /Machine.cgi API endpoint. Attackers can execute arbitrary commands by providing a crafted input...
CVE-2025-57201
CVE-2025-57201 affects AVTECH SECURITY DGM1104 FullImg-1015-1004-1006-1003. The issue is an authenticated command-injection vulnerability in the SMB server function that allows an attacker to execute arbitrary commands via a crafted input. CVSSv3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with...
CVE-2025-65202
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...
CVE-2025-65202
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...
Metasploit Wrap-Up 11/21/2025
CVE-2025-64446 - Fortinet’s FortiWeb exploitation A critical vulnerability in Fortinet’s FortiWeb Web Application Firewall, now assigned CVE-2025-64446 CVSS 9.1, allows unauthenticated attackers to gain full administrator access to the FortiWeb Manager interface and its websocket CLI. The flaw...
CVE-2025-34334 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...
CVE-2025-37162
CVE-2025-37162 describes an authenticated command injection vulnerability in the command line interface of affected devices. Successful exploitation could allow execution of arbitrary OS commands by an attacker with valid credentials and network access; impact is system compromise of the underlyi...
CVE-2025-37163
CVE-2025-37163 describes an authenticated command-injection vulnerability in the HPE Aruba Networking Airwave Platform CLI. An authenticated attacker could run arbitrary OS commands with elevated privileges on the underlying system. Affected component: AirWave CLI; impact is privilege escalation ...
CVE-2025-37158
CVE-2025-37158 describes a command injection vulnerability in the AOS-CX Operating System . The public records indicate an authenticated remote attacker could achieve Remote Code Execution (RCE) on the affected system. The available documents do not provide concrete details on affected versions, ...
CVE-2025-37158 Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution RCE on the affected system...
CVE-2025-37157 Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution RCE on the affected system...
CVE-2025-34322 Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the...