
1775 matches found

BDU FSTEC
added 2025/01/24 12:0 a.m. · 2 views

The vulnerability of the command-line interface (CLI) of FortiWeb web applications allows a hacker to bypass security restrictions and execute arbitrary commands.

The vulnerability of the command-line interface (CLI) of FortiWeb web applications relates to the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to bypass security restrictions and execute arbitrary commands...

6.4 CVSS · 6.2 AI score · 0.00218 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2025/01/20 12:0 a.m. · 3 views

The vulnerability of the command-line interface of microprogrammed Ethernet switch FortiSwitch allows a hacker to execute arbitrary code.

The vulnerability of the command-line interface of microprogrammed Ethernet switch FortiSwitch exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8 CVSS · 5.8 AI score · 0.0052 EPSS
Exploits 0 · References 2 · Affected Software 1
GithubExploit
added 2025/01/16 6:7 a.m. · 272 views

Exploit for Double Free in Openbsd Openssh

OpenSSH Vulnerability Testing Tool for CVE-2023-25136 This re...

6.5 CVSS · 6.9 AI score · 0.89955 EPSS
Exploits 10
GithubExploit
added 2025/01/16 12:14 a.m. · 265 views

Exploit for Server-Side Request Forgery in Microsoft

SSRF Exploit Script This repository contains a script designe...

8.8 CVSS · 9.8 AI score · 0.22824 EPSS
Exploits 1
BDU FSTEC
added 2025/01/16 12:0 a.m. · 1 view

The vulnerability of the command line of Juniper Networks Junos OS models SRX1500, SRX4100, and SRX4200, related to insufficient handling of exceptional states, allows an attacker to trigger a service failure.

The vulnerability of the command line interface of Juniper Networks Junos OS models SRX1500, SRX4100, and SRX4200 is related to insufficient handling of exceptional states. Exploiting this vulnerability can allow a malicious actor to trigger service failures remotely...

5.5 CVSS · 5.4 AI score · 0.00153 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2025/01/14 5:38 p.m. · 15 views

CVE-2025-23052 Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface

Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system...

7.2 CVSS · 7.3 AI score · 0.01202 EPSS
Exploits 0 · References 1
CVE
added 2025/01/14 5:38 p.m. · 64 views

CVE-2025-23052

CVE-2025-23052 describes an authenticated command injection vulnerability in the CLI of Hewlett Packard Enterprise ArubaOS network management service. The issue allows an authenticated attacker with high privileges to execute arbitrary commands as the underlying OS user. The initial documents ind...

7.2 CVSS · 7.1 AI score · 0.01202 EPSS
Exploits 0 · References 1
OSV
added 2025/01/14 2:15 p.m. · 4 views

CVE-2024-40587

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests...

6.7 CVSS · 5.9 AI score · 0.00616 EPSS
Exploits 0 · References 1
OSV
added 2025/01/14 2:15 p.m. · 2 views

CVE-2024-26012

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiAP-S 6.2 all versions, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2....

7.8 CVSS · 5.9 AI score
Exploits 0 · References 1
CNNVD
added 2025/01/14 12:0 a.m. · 3 views

Fortinet FortiAP Operating System Command Injection Vulnerability

Fortinet FortiAP is a controller for managing wireless access point devices from Fortinet, Inc. Fortinet FortiAP suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploit...

7.8 CVSS · 7.9 AI score · 0.00675 EPSS
Exploits 0 · References 2
CNNVD
added 2025/01/14 12:0 a.m. · 4 views

Fortinet FortiRecorder Path Traversal Vulnerability

Fortinet FortiRecorder is a Web-based network video recorder management system from Fortinet. A path traversal vulnerability exists in Fortinet FortiRecorder that stems from incorrectly restricting path names to restricted directories, resulting in a path traversal vulnerability. A privileged...

6 CVSS · 6.5 AI score · 0.00192 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/01/14 12:0 a.m. · 4 views

PT-2025-4794 · Hewlett Packard · Hpe Aruba Networking Aos

The network management service is affected by an authenticated command injection issue in its command line interface, which could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Unfortunately, the specific versions of the network management...

7.2 CVSS · 8.5 AI score · 0.01202 EPSS
Exploits 0 · References 7
CNNVD
added 2025/01/14 12:0 a.m. · 5 views

Fortinet FortiSwitch Operating System Command Injection Vulnerability

Fortinet FortiSwitch is a network switch management tool from Fortinet. An operating system command injection vulnerability exists in Fortinet FortiSwitch that stems from improper neutralization of a special element, allowing an attacker to execute unauthorized code or commands via the FortiSwitc...

7.8 CVSS · 7.8 AI score · 0.0052 EPSS
Exploits 0 · References 2
CNNVD
added 2025/01/14 12:0 a.m. · 3 views

Fortinet FortiMail and FortiRecorder Operating System Command Injection Vulnerability

Fortinet FortiRecorder and Fortinet FortiMail are both products of Fortinet, Inc. Fortinet FortiRecorder is a Web-based network video recorder management system. Fortinet FortiMail is an email security gateway product. Fortinet FortiMail is an email security gateway that provides email security an...

6.7 CVSS · 7.8 AI score · 0.00576 EPSS
Exploits 0 · References 2
CNNVD
added 2025/01/09 12:0 a.m. · 1 view

Juniper Networks Junos OS SRX Information Disclosure Vulnerability

Juniper Networks Junos OS SRX is a Juniper Networks, Inc. network operating system designed for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. An information disclosure vulnerability exists in Juniper Networks Junos OS SRX, which...

6.8 CVSS · 6.3 AI score · 0.00166 EPSS
Exploits 0 · References 2
CNNVD
added 2025/01/08 12:0 a.m. · 4 views

Apache Airflow Code Issue Vulnerability

Apache Airflow is a set of open source platforms for creating, managing and monitoring workflows from the US Apache Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 1.5.2 that stems from a...

8.1 CVSS · 6.5 AI score · 0.0092 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2025/01/05 12:0 a.m. · 2 views

The vulnerability of the Command Line Interface (CLI) of the Skupper package, a software management and microservice integration tool for cloud and hybrid environments under Red Hat Service Interconnect, allows an attacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Command Line Interface (CLI) of the Skupper package, a software tool for managing and integrating microservices in cloud and hybrid environments of Red Hat Service Interconnect, relates to the bypassing of authentication by using the default mode. Exploiting this...

7.5 CVSS · 7.1 AI score · 0.00471 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/01/02 12:52 p.m. · 11 views

GHSA-94P5-R7CC-3RPR path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability

Summary This is a POC for a path-sanitizer npm package. The filters can be bypassed and can result in path traversal. Payload: ..=%5c can be used to bypass this on CLI along with other candidates. Something similar would likely work on web apps as well. PoC Here's the code to test for the filter...

9.3 CVSS · 8 AI score · 0.00721 EPSS
Exploits 0 · References 5
Github Security Blog
added 2025/01/02 12:52 p.m. · 14 views

path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability

Summary This is a POC for a path-sanitizer npm package. The filters can be bypassed and can result in path traversal. Payload: ..=%5c can be used to bypass this on CLI along with other candidates. Something similar would likely work on web apps as well. PoC Here's the code to test for the filter...

9.3 CVSS · 7.1 AI score · 0.00721 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2024/12/19 11:15 a.m. · 1 view

CVE-2021-26115

An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command. An OS command injection (CWE-78) vulnerability in FortiWA...

7.8 CVSS · 5.8 AI score · 0.00788 EPSS
Exploits 0 · References 1