27 matches found
CVE-2020-10215
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dnsqueryname parameter in a dnsquery.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected...
RLSA-2025:13940 Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
GHSA-3Q2W-42MV-CPH4 filebrowser Allows Shell Commands to Spawn Other Commands
Summary: The Command Execution feature of File Browser only allows the execution of shell commands that have been predefined on a user-specific allowlist. Many tools allow the execution of arbitrary different commands, rendering this limitation void. Impact: The concrete impact depends on the...
CVE-2022-46101
AyaCMS v3.1.2 was found to have a code flaw in the ustsql.inc.php file, which allows attackers to cause command execution by inserting malicious code...
Incorrect Authorization
Mattermost is vulnerable to Incorrect Authorization. The vulnerability is due to improper restriction of command execution due to a flaw that allows authenticated users to run commands in archived channels...
CVE-2025-22604
CVE-2025-22604 affects Cacti, where a flaw in the multi-line SNMP result parser allows authenticated users to inject malformed OIDs; processing by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes() uses part of an OID as a key in an array that feeds a system command, causing a command execution vu...
ROS-20240816-16
A vulnerability in the openssl_private_decrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request...
TOTOLINK X6000R Security Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a command execution vulnerability that stems from the IP parameter of the setDiagnosisCfg component failing to properly filter constructed command special characters, commands, and so on...
PT-2023-12762 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: An issue was discovered that allows execution of commands. The "/BrowseFiles.php" API endpoint is vulnerable to a POST request with a cmd parameter set to "ssh" a...
CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software...
Command Execution Vulnerability in UFIDA NC at UFIDA Network Technology Co.
UFIDA NC products are world-class high-end management software for group enterprises. A command execution vulnerability exists in UFIDA NC, which can be exploited by attackers to gain server control privileges...
Palo Alto Networks PAN-OS Command Execution Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS versions prior to 8.1.13. A local attacker could exploit the vulnerability to execute commands and gain root privileges...
Command Execution Vulnerability in eyoucms of Hainan Zanzan Network Technology Co.
EyouCms is a free + open source enterprise content management system based on the TP5.0 framework as the core development, focusing on the needs of enterprise building users. Hainan Zanzan Network Technology Co. eyoucms has a command execution vulnerability that can be exploited by attackers to...
OPENSUSE-SU-2020:0102-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). This update was imported from the SUSE:SLE-15-SP1:Update update project...
SUSE-SU-2020:0131-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095)...
Command Execution Vulnerability in Oracle WebLogic Server
WebLogic Server is Oracle's JavaEE-based middleware for developing, integrating, deploying and managing large-scale distributed Web applications, web applications and database applications. A command execution vulnerability exists in Oracle WebLogic Server. An attacker can cause arbitrary code...
GNU Mailutils 3.7 - Privilege Escalation Exploit
Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...
Oracle: Security Advisory (ELSA-2014-1999)
The remote host is missing an update for the...
Fortinet FortiAuthenticator Appliance Command Execution Vulnerability
Fortinet FortiAuthenticator is a family of secure authentication software from Fortinet that can be combined with FortiToken two-factor authentication token to provide secure two-factor authentication to third-party devices authenticated via RADIUS or LDAP. A command execution vulnerability exist...
Oracle Linux 6 / 7 : mailx (ELSA-2014-1999)
The remote Oracle Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2014-1999 advisory. 12.4-8 - CVE-2004-2771 mailx: command execution flaw resolves: 1171175 Tenable has extracted the preceding description block directly from the Orac...