Lucene search
+L

44 matches found

RedhatCVE
RedhatCVE
added 2025/09/21 7:25 p.m.21 views

CVE-2025-34197

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 VA and SaaS deployments contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

8.6CVSS6.8AI score0.00251EPSS
Exploits1References1
NVD
NVD
added 2025/09/19 7:15 p.m.5 views

CVE-2025-34197

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 VA and SaaS deployments contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

8.6CVSS0.00251EPSS
Exploits1References4
OSV
OSV
added 2025/09/19 7:15 p.m.3 views

CVE-2025-34197

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 VA and SaaS deployments contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

7.8CVSS5.7AI score0.00251EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/19 6:39 p.m.4 views

CVE-2025-34197 Vasion Print (formerly PrinterLogic) Undocumented Local Account with Hardcoded Password and Passwordless sudo

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 VA and SaaS deployments contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

8.6CVSS6.5AI score0.00251EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/19 6:39 p.m.11 views

CVE-2025-34197 Vasion Print (formerly PrinterLogic) Undocumented Local Account with Hardcoded Password and Passwordless sudo

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 VA and SaaS deployments contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

8.6CVSS0.00251EPSS
Exploits1References4
CVE
CVE
added 2025/09/19 6:39 p.m.25 views

CVE-2025-34197

CVE-2025-34197 affects Vasion Print Virtual Appliance Host < 22.0.951 and Vasion Print Application

8.6CVSS6.5AI score0.00251EPSS
Exploits1References4Affected Software2
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.7 views

PT-2025-38596

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951 Vasion Print Application versions prior to 20.0.2368 Description Vasion Print formerly PrinterLogic Virtual Appliance Host and Application contain an...

8.6CVSS6.7AI score0.00251EPSS
Exploits1References8
OSV
OSV
added 2025/09/16 8:15 p.m.5 views

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

8.8CVSS6AI score0.03161EPSS
Exploits2References4
NVD
NVD
added 2025/09/16 8:15 p.m.8 views

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

9.3CVSS0.03161EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/09/16 7:45 p.m.9 views

CVE-2025-34187 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

9.3CVSS7.3AI score0.03161EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/09/16 7:45 p.m.13 views

CVE-2025-34187 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

9.3CVSS0.03161EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2025/09/16 7:45 p.m.5 views

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

9.3CVSS6AI score0.03161EPSS
Exploits2References4
Zero Science Lab
Zero Science Lab
added 2025/09/05 12:0 a.m.179 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

9.3CVSS5.9AI score0.03161EPSS
Exploits2
CVE
CVE
added 2025/08/11 2:56 p.m.16 views

CVE-2012-10040

Openfiler v2.x has a command-injection in the system.html page where the device parameter constructs a NetworkCard object and its constructor calls exec() with unsanitized input. An authenticated attacker can run arbitrary commands as the openfiler user; due to misconfigured sudoers, this user ca...

9.4CVSS8.4AI score0.02414EPSS
Exploits0References5
0day.today
0day.today
added 2024/04/12 12:0 a.m.318 views

Ray OS v2.6.3 - Command Injection Exploit

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS8.7AI score0.7463EPSS
Exploits15
CNNVD
CNNVD
added 2022/08/04 12:0 a.m.7 views

VMware Workspace One Access 权限许可和访问控制问题漏洞

VMware Workspace One Access is a centralized management console from VMware, Inc. that allows you to manage users and groups, set and manage authentication and access policies, as well as add resources to a directory and manage permissions for those resources. A vulnerability exists in VMware...

7.8CVSS8.4AI score0.01101EPSS
Exploits3References3
CNVD
CNVD
added 2020/10/26 12:0 a.m.5 views

FruityWifi Elevation of Privilege Vulnerability

FruityWifi is a wireless network auditing tool. A security vulnerability exists in FruityWifi version 2.4 and prior versions, which stems from the presence of a fail-safe Sudo configuration ALL: ALL NOPASSWD: ALL. The vulnerability can be exploited by an attacker to perform a system-level root...

7.8CVSS7.1AI score0.00387EPSS
Exploits1References1
OSV
OSV
added 2020/02/06 5:15 p.m.2 views

CVE-2020-7954

An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs e.g. nmap without the need for a...

7.8CVSS7.2AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 2019/09/05 5:15 p.m.3 views

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

8.8CVSS7.5AI score0.77741EPSS
Exploits13References4
Prion
Prion
added 2019/09/05 5:15 p.m.23 views

Command injection

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

9CVSS8.8AI score0.77741EPSS
Exploits13References3Affected Software1
Rows per page
Query Builder