32 matches found
CVE-2025-66620
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...
CVE-2025-66620 Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...
Columbia Weather Systems MicroServer 安全漏洞
Columbia Weather Systems MicroServer is a weather data server from Columbia Weather Systems, USA. A security vulnerability exists in Columbia Weather Systems MicroServer that stems from an unused webshell that allows unlimited login attempts, which could result in limited shell access being gaine...
EUVD-2024-32722
Malicious code in bioql PyPI...
CVE-2025-48395
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center...
CVE-2025-48395
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center...
CVE-2025-48395
CVE-2025-48395 affects Eaton NMC G2. The issue allows an attacker with authenticated privileged access to modify the contents of a non-sensitive file by traversing a path in the CLI’s limited shell. Root cause: path traversal in the restricted CLI shell. Impact is limited to file contents modific...
CVE-2025-48395
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center...
CVE-2025-48395
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center...
Linux Distros Unpatched Vulnerability : CVE-2016-6903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. CVE-2016-6903 Note that Nessus relies on the...
CVE-2025-48394
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version which is available on the Eaton download center...
CVE-2021-37748
Multiple buffer overflows in the limited configuration shell /sbin/gsconfig on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manageif setting, thus bypassing the intended restrictions of this shell and taking full control ...
CVE-2024-4163
The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal IGX. However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exe...
CVE-2024-4163
The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal IGX. However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exe...
CVE-2024-4163
The CVE-2024-4163 issue affects Skylab IGX IIoT Gateway. The limited shell (IGX) runs with root privileges, enabling an attacker to read, write, and modify any OS file via shell file exec/download functions. By replacing /etc/passwd with a new root entry, the attacker can breakout to an unrestric...
CVE-2024-4163 Privilege Escalation on Skylab IIoT Gateway (IGX)
The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal IGX. However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exe...
CVE-2024-4163 Privilege Escalation on Skylab IIoT Gateway (IGX)
The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal IGX. However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exe...
PT-2024-29472 · Skylab · Skylab Igx Iiot Gateway
Name of the Vulnerable Software and Affected Versions: Skylab IGX IIoT Gateway affected versions not specified Description: The Skylab IGX IIoT Gateway has a security issue where the limited shell terminal process runs under root privileges, allowing an attacker to read, write, and modify any fil...
CVE-2023-40146
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...
CVE-2023-40146
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...