CVE-2025-20124

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

Cisco AsyncOS 输入验证错误漏洞

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...

vivo ABE service 安全漏洞

vivo ABE service is a cell phone service program from the Chinese company Vivo. A security vulnerability exists in vivo ABE service, which stems from a flaw in the validation of input parameters, which allows an attacker to enter carefully constructed commands to cause ABE service to execute some...

PT-2024-35974 · Barco · Barco Clickshare Core +5

Name of the Vulnerable Software and Affected Versions: Barco ClickShare CX-30/20, C-5/10, ClickShare Bar Pro, and Core models versions prior to 2.21.1 Description: An injection vulnerability allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution a...

The vulnerability of the SSH server of the microprogrammed network interface devices of Cisco Adaptive Security Appliance (ASA) allows a attacker to execute arbitrary commands on the basic operating system as the root user.

The vulnerability of the SSH server of the microprogrammed network interface devices in Cisco Adaptive Security Appliance ASA is related to insufficient validation of data entered by users. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the basic operating...

PT-2024-9475 · Advantech · Advantech Eki-6333Ac-2G +1

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A vulnerability was discovered in the "edgserver" service of Advantech's...

Enel X Waybox 安全漏洞

The Enel X Waybox is a home charging station from Enel X, Inc. A security vulnerability exists in version 3.0 of the Enel X Waybox that stems from incorrect file ownership of the Privileged Services Library, which results in an attacker would be able to execute arbitrary operating system commands...

CVE-2024-20374

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating...

CVE-2024-20461

A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit...

PT-2024-7342 · Cisco · Cisco Ata 190

Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker with high privileges to...

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2574)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VulnCheck KEV: CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2384)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : cups (EulerOS-SA-2024-2384)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the...

EulerOS 2.0 SP10 : cups (EulerOS-SA-2024-2409)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the...

PHOENIX CONTACT FL/TC MGUARD 操作系统命令注入漏洞

The PHOENIX CONTACT FL/TC MGUARD is a series of routers from PHOENIX CONTACT, Germany. An operating system command injection vulnerability exists in the PHOENIX CONTACT FL/TC MGUARD, which arises from improper neutralization of specific elements of user data, allowing a low-privileged remote...

PT-2024-30545 · Mguard · Mguard

Name of the Vulnerable Software and Affected Versions: mGuard devices affected versions not specified Description: A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY HTTP PORT. This...

The vulnerability of the web interface of the microprogramming software for Cisco Small Business SPA300 and SPA500 allows a perpetrator to execute arbitrary commands in the basic operating system.

The vulnerability of the web interface of Cisco Small Business SPA300 and SPA500 microprogramming software lies in the copying of input data into memory without checking its size. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands on the basic...

SUSE CVE-1999-0163

In older versions of Sendmail, an attacker could use a pipe character to execute root commands...

PT-2024-38051 · Unknown · Nimble Commander

Name of the Vulnerable Software and Affected Versions: Nimble Commander affected versions not specified Description: The issue arises from the server's improper validation of a client's authorization, specifically in the info.filesmanager.Files.PrivilegedIOHelperV2 component. This allows for the...