514 matches found
CVE-2025-44860
TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the msgprocess function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44846
TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-20178
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity...
CVE-2024-55372
Wallos =2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...
CVE-2025-0415
A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for...
CVE-2025-25524
Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary...
Cisco Secure Email Gateway Privelege Escalation (cisco-sa-esa-sma-wsa-multi-yKUJhS34)
According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance coul...
Cisco NX-OS Command Injection (CVE-2017-12339)
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...
CVE-2024-51247
Affects DrayTek Vigor3900 firmware, version 1.5.1.3. The vulnerability arises from lack of neutralization of special elements in the operating system command used by the doPPPo function in the mainfunction.cgi script, enabling a remote attacker to inject and execute arbitrary commands. Documented...
CVE-2024-51248
The CVE-2024-51248 entry affects DrayTek Vigor3900 firmware (version 1.5.1.3). The root cause is lack of proper neutralization in the modifyrow function within mainfunction.cgi, enabling an attacker to inject commands and execute arbitrary code. Exploitation details are described across multiple ...
CVE-2024-51257
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function...
CVE-2024-27766
Disputed A flaw was found in MariaDB. This flaw allows a remote attacker to use a specially crafted payload to execute arbitrary commands in certain configurations. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...
CVE-2024-20459
The CVE-2024-20459 entry applies to Cisco ATA 190 Multiplatform Series analog telephone adapters. The issue stems from a lack of input sanitization in the web-based management interface, enabling an authenticated, high-privilege attacker to execute arbitrary commands on the underlying OS as root ...
CVE-2024-42737
The CVE-2024-42737 vulnerability affects TOTOLINK X5000r (version 9.1.0cu.2350_b20230313) where the CGI endpoint /cgi-bin/cstecgi.cgi contains an OS command injection in the delBlacklist function. An attacker can send a malicious packet to execute arbitrary commands on the affected device. The is...
CVE-2024-20450
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges...
CVE-2024-20296
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...
SeaCMS 安全漏洞
SeaCMS is an open source content management system based on PHP+MySql technology. A security vulnerability exists in the SeaCMS adminweixin.php processing parameter, which can be exploited by an authenticated remote attacker to submit a special request that can be used to execute arbitrary comman...
RHEL 7 : mercurial (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - The...
CVE-2024-27260
CVE-2024-27260 : IBM AIX and VIOS are affected by a vulnerability in the invscout command that could allow a non-privileged local user to execute arbitrary commands. Affected products/versions: AIX 7.2 and 7.3; VIOS 3.1 and 4.1 (invscout.rte 2.2.0.0–2.2.0.26). Root cause is the invscout component...
Microsoft Windows Multiple Vulnerabilities (KB5037788)
This host is missing a critical security update according to Microsoft KB5037788 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...