19 matches found
CVE-2025-57791
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...
PT-2025-33901 · Commvault · Commvault
Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60
Description: A security issue exists in Commvault that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful...
Cisco IOS XE Software Web Based Management Interface (cisco-sa-webui-multi-ARNHM4v6)
According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities.
- A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected...
CVE-2022-1262
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root...
When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About
Multi-factor Authentication (MFA) has long ago become a standard security practice. With a wide consensus on its ability to fend off more than 99% of account takeover attacks, it's no wonder why security architects regard it as a must-have in their environments. However, what seems to be le...
When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About
Multi-factor Authentication (MFA) has long ago become a standard security practice. With a wide consensus on its ability to fend off more than 99% of account takeover attacks, it's no wonder why security architects regard it as a must-have in their environments. However, what seems to be le...
CVE-2022-1262
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root...
CVE-2022-1262
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root...
D-Link Routers Operating System Command Injection Vulnerability
D-Link Routers is a router from Taiwan, China-based AUO D-Link. A security vulnerability exists in D-Link Routers that allows an attacker with access to a remote command line interface to execute arbitrary commands as root...
PT-2022-13757 · Unknown · Protest Binary
Name of the Vulnerable Software and Affected Versions: protest binary affected versions not specified
Description: A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. The issue is relate...
Design/Logic Flaw
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...
CVE-2020-12124
Summary of verified details: The WAVLINK WN530H4 device is affected by a remote command-injection vulnerability in the /cgi-bin/live_api.cgi endpoint. Technical content in the connected nuclei template confirms unauthenticated command execution as root, with high-risk impact. The vulnerability a...
CVE-2020-12124
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...
CVE-2018-18931
An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...
Design/Logic Flaw
An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...
CVE-2018-18931
CVE-2018-18931 affects Tightrope Media Carousel (v7.0.4.104). The issue arises from insecure default permissions on C:\TRMS\Services, enabling an attacker with system access to replace Carousel.Service.exe with a malicious executable. This independent service can be manipulated without affecting ...
CVE-2018-18931
An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...
CVE-2016-1394
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238...
Immunity Canvas: JENKINS_CLI_DESERIALIZATION
Name | jenkins_cli_deserialization
---|---
CVE | CVE-2015-8103
Exploit Pack | CANVAS
Description | jenkins_cli_deserialization
Notes | CVE Name: CVE-2015-8103 VENDOR: Jenkins NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WORK...