459 matches found
CVE-2025-10020 Command Injection
Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection in the Custom Script component...
CVE-2025-10020
CVE-2025-10020 affects Zohocorp ManageEngine ADManager Plus prior to version 8024, with an authenticated command-injection in the Custom Script component caused by inadequate filtering of constructed command characters. Impact described across sources includes arbitrary command execution and pote...
CVE-2025-7850
CVE-2025-7850 is an authenticated OS command injection affecting TP-Link Omada gateway devices. The TP-Link/THN coverage describes exploitation via the WireGuard VPN settings where improper sanitization enables arbitrary OS commands (root) after admin authentication, with two other Omada flaws pa...
CVE-2025-34514 Ilevia EVE X1 Server 4.7.18.0.eden Authenticated Command Injection
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...
EUVD-2025-34802
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...
CVE-2025-34514
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...
CVE-2025-37138
An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an...
CVE-2025-59051
The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...
CVE-2025-37138 Authenticated Command Injection Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface (Physical Access Required)
An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an...
CVE-2025-37133 Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binary
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system...
HPE Aruba Networking EdgeConnect OS Security Vulnerability
HPE Aruba Networking EdgeConnect OS is an operating system from HPE (USA). A security vulnerability exists in HPE Aruba Networking EdgeConnect OS that originates from authenticated command injections in the CLI binary, which could lead to the execution of arbitrary commands...
Hewlett Packard Enterprise ArubaOS Security Vulnerability
HPE ArubaOS is a wireless network operating system from Hewlett Packard Enterprise (USA). A security vulnerability exists in Hewlett Packard Enterprise ArubaOS that originates from an authenticated command injection in the CLI binary, which could lead to the...
EUVD-2016-10792
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047
CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...
EUVD-2020-28250
Malware in sbrugna...
EUVD-2020-30098
Malware in sbrugna...
EUVD-2021-25641
Malware in sbrugna...
EUVD-2024-42485
Malicious code in bioql PyPI...