Lucene search
+L

890 matches found

Packet Storm
Packet Storm
added 2025/09/05 12:0 a.m.172 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Ilevia EVE X1/X5 Server version 4.7.18.0.eden reverse rootshell exploit. A misconfiguration in the sudoers file permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user...

8.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/01 7:21 a.m.6 views

Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection

Overview SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-54857 Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.8CVSS8AI score0.03214EPSS
Exploits0References4
OSV
OSV
added 2025/08/27 10:15 p.m.7 views

CVE-2018-25115

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...

9.8CVSS6.1AI score0.08674EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.9 views

PT-2025-33278 · Kuwfi · Kuwfi 4G Ac900 Lte Router

Name of the Vulnerable Software and Affected Versions: KuWFi 4G AC900 LTE router version 1.0.13 Description: The KuWFi 4G AC900 LTE router is susceptible to command injection via the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary ...

8.8CVSS7.7AI score0.18596EPSS
Exploits0References6
CVE
CVE
added 2025/08/14 12:0 a.m.20 views

CVE-2025-43984

CVE-2025-43984 affects KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2; Software Version: GC111-GL-LM321_V3.0_20191211). An unauthenticated POST to the endpoint /goform/goform_set_cmd_process , using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root priv...

9.8CVSS8.5AI score0.19452EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/07 8:31 p.m.7 views

CVE-2013-10069

The web interface of multiple D-Link routers, including DIR-600 rev B ≤2.14b01 and DIR-300 rev B ≤2.13, contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to...

10CVSS6AI score0.11859EPSS
Exploits1References1
OSV
OSV
added 2025/08/01 6:15 p.m.3 views

CVE-2025-8476

Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

8CVSS5.7AI score0.00128EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/07/23 11:23 p.m.3 views

SUSE CVE-2025-46811

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x8664/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

9.8CVSS7AI score0.10353EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2025/07/16 9:26 p.m.6 views

CVE-2025-34132

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...

9.3CVSS6.1AI score0.01747EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/06/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-34042

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4CVSS6.6AI score0.01763EPSS
In wildExploits1References30
RedhatCVE
RedhatCVE
added 2025/05/23 1:25 a.m.9 views

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

7.8CVSS7.1AI score0.00324EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:35 p.m.7 views

CVE-2022-27022

There is a stack overflow vulnerability in the SetSysTimeCfg function in the httpd service of Tenda AC9 V15.03.2.21cn. The attacker can obtain a stable root shell through a constructed payload...

10CVSS7.4AI score0.01665EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:0 p.m.6 views

CVE-2021-20134

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service zebra or ripd. Subsequen...

8.4CVSS7.7AI score0.07531EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 p.m.8 views

CVE-2020-29578

The official piwik Docker images before fpm-alpine Alpine specific contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access...

10CVSS7.3AI score0.02247EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.10 views

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

9CVSS7.3AI score0.03EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:8 p.m.10 views

CVE-1999-0353

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory...

9.3CVSS7AI score0.02415EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:6 p.m.9 views

CVE-1999-0192

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable...

10CVSS7.7AI score0.10041EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2025/05/02 12:0 a.m.9 views

The vulnerability of microprogrammed software in PLANET Technology devices stems from the lack of authenticity verification for a critical function. This allows attackers to create accounts with root privileges.

The vulnerability of PLANET Technology’s microprogrammed software for switches is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow a malicious actor, operating remotely, to create a user account with root privileges...

10CVSS8AI score0.00538EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2025/05/01 8:15 p.m.4 views

CVE-2025-46628

Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed...

7.3CVSS5.9AI score0.01739EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/13 12:37 p.m.15 views

CVE-2025-26411

An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface...

8.8CVSS6.9AI score0.00677EPSS
Exploits1References1
Rows per page
Query Builder