15257 matches found
CVE-2025-50123
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input...
CVE-2025-50123
Schneider Electric EcoStruxure IT Data Center Expert (DCE) versions 8.3 and earlier are affected by CVE-2025-50123 due to insufficient sanitization of the hostname input in the .bcsetup script. The hostname value can pass a format check yet include a semicolon and commands, causing those OS comma...
CVE-2025-50123
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input...
CVE-2025-50123
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input...
PT-2025-29224 · Juniper Networks · Juniper Networks
Name of the Vulnerable Software and Affected Versions: Juniper Networks affected versions not specified Description: A code injection issue exists that could lead to remote command execution with privileged access. This occurs when the server is accessed through a console and exploits the hostnam...
Schneider Electric EcoStruxure IT Data Center Expert 代码注入漏洞
Schneider Electric EcoStruxure IT Data Center Expert is a scalable monitoring software from Schneider Electric France that collects, organizes, and distributes critical device information to provide a comprehensive view of devices. A code injection vulnerability exists in Schneider Electric...
CVE-2025-34099
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidialsalesviewer.php component when password encryption is enabled a non-default configuration. The application improperly passes the HTTP Basic Authentication password directly ...
CVE-2025-34095
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Command Execution
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below have a configuration modification issue where sufficient input sanitization is not performed on the value provided for the hostname of the appliance. The hostname variable can include a command terminator and subsequent...
PT-2025-29137 · Unknown · Mako Server
Name of the Vulnerable Software and Affected Versions: Mako Server versions 2.5 and 2.6 Description: An OS command injection vulnerability exists within the tutorial interface. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code to the...
CVE-2025-20319
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability editscripted and listinputs capability , could perform a remote command execution due to improper user input sanitization on the scripted input files. See Defin...
The vulnerability of the LAN Controller feature of the Cisco IOS XE operating system allows a hacker to execute arbitrary commands.
The vulnerability of the LAN Controller feature of the Cisco IOS XE operating system is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Modbus TCP Packet Handler component in the Ethernet module software for WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN allows a hacker to execute arbitrary commands.
The vulnerability of the Modbus TCP Packet Handler component in the Ethernet module software of WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2025-37102
CVE-2025-37102 is an authenticated command-injection vulnerability affecting the CLI of HPE Networking Instant On Access Points. The attack could allow a remote attacker with elevated privileges to run arbitrary commands on the underlying OS as a highly privileged user (CVSS 3.1 base 7.2, NETWORK...
CVE-2025-37102 Authenticated Command Injection Vulnerability In Instant On Command Line Interface
An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privilege...
ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
Exploit Title: ScriptCase 9.12.006 23 - Remote Command Execution RCE Date: 04/07/2025 Exploit Author: Alexandre ZANNI noraj & Alexandre DROULLÉ cabir Vendor Homepage: https://www.scriptcase.net/ Software Link: https://www.scriptcase.net/download/ Version: 1.0.003-build-2 Production Environment /...
CVE-2025-20319
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability editscripted and listinputs capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.See Define...
CVE-2025-20319
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability editscripted and listinputs capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.See Define...
CVE-2025-20319 Remote Command Execution through Scripted Input Files in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability editscripted and listinputs capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.See Define...
CVE-2025-20319
CVE-2025-20319 affects Splunk Enterprise prior to versions 9.4.3, 9.3.5, 9.2.7, and 9.1.10. The root cause is improper user input sanitization in scripted input files, exploitable by a user who has a role with the high‑privilege capabilities edit_scripted and list_inputs . This could enable remot...