CVE-2017-18434

cPanel before 64.0.21 allows code execution in the context of the root account via a SETVHOSTLANGPACKAGE multilang adminbin call SEC-237...

CVE-2017-18390

cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups SEC-322...

CVE-2019-7269

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution...

CVE-2019-7269

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution...

Command injection

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution...

CVE-2019-7269

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution...

CVE-2019-7274

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root...

CVE-2019-7276

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...

CVE-2019-7276

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...

CVE-2019-7276

Optergy Proton/Enterprise BMS is affected by CVE-2019-7276: unauthenticated remote code execution via a backdoor console. Public details show an undocumented backdoor script (Console.jsp) in the tools directory that enables full root access on vulnerable versions (notably 2.0.3a and earlier). Exp...

Cisco Data Center Network Manager Arbitrary File Upload Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An arbitrary file upload vulnerability exists in the web-based management interfac...

The vulnerability of the command-line interface of the Cisco NX-OS network operating system allows a attacker to execute arbitrary code with root privileges.

The vulnerability of the command-line interface CLI of the Cisco NX-OS network operating system is related to insufficient validation of input data. Exploiting this vulnerability could allow a attacker to execute arbitrary code with root privileges on the Linux base operating system...

The vulnerability of the command-line interface of the Cisco NX-OS network operating system allows a attacker to execute arbitrary code with root privileges.

The vulnerability of the command-line interface CLI of the Cisco NX-OS network operating system is related to insufficient validation of input data. Exploiting this vulnerability could allow a attacker to execute arbitrary code with root privileges on the Linux base operating system...

Exploit for Improper Input Validation in Apple Mac_Os_X

CVE-2019-8561 Proof of concept exploit for CVE-2019-8561 disc...

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

Design/Logic Flaw

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

CVE-2019-9189

Summary of CVE-2019-9189 (FlexAir): Prima Systems FlexAir, versions 2.4.9api3 and earlier, allows uploading arbitrary Python scripts when configuring the main central controller. These scripts can be executed immediately with root privileges, enabling an authenticated attacker to gain full system...

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a malicious actor to execute arbitrary code with root privileges.

The vulnerability of the Web interface of the Cisco Prime Infrastructure software for managing network life cycles and the Cisco Evolved Programmable Network Manager software for managing network services is related to incorrect data input validation. Exploiting this vulnerability could allow a...

Code injection

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root...