447 matches found
CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...
CVE-2019-1614
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this...
CVE-2019-7300
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldapadmin and ldappassword fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field...
CVE-2018-20342
The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges...
CVE-2018-18014
Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated b...
CVE-2018-0430
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of...
CVE-2018-11061
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server...
Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution Vulnerability
Exploit for linux platform in category remote exploits Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Vendor KB: https://support.emc.com/kb/521234 Github:...
Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution
Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Date: 2018-06-21 Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Exploit Author: Paul Taylor Vendor Advisory: DSA-2018-095 Vendor KB...
Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution
Exploit Title: Dell EMC RecoverPoint &2 root@recoverpoint:/ id uid=0root gid=0root groups=0root root@recoverpoint:/...
Apache Hadoop elevation of privilege vulnerability (CNVD-2018-10426)
Apache Hadoop is the U.S. Apache Apache Software Foundation's set of open source distributed systems infrastructure, it can be distributed processing of large amounts of data, and has high reliability, high scalability, high fault tolerance and other characteristics. Apache Hadoop 2.2.0 to 2.7.3...
CVE-2018-1144
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi...
The vulnerability of the XPC interface implementation for accessing the CactusVPN VPN service allows a perpetrator to execute system commands with root privileges.
The vulnerability of the XPC interface implementation for accessing the CactusVPN VPN service is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute system commands with root privileges...
CVE-2018-6822
In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root...
The vulnerability of the system scripts of the automation software Application Policy Infrastructure Controller allows a perpetrator to execute arbitrary commands with root privileges.
The vulnerability of system scripts in the automation software Application Policy Infrastructure Controller, when installed during the download process, is related to the lack of measures to neutralize special elements used in commands. Exploiting this vulnerability allows an attacker to enhance...
The vulnerability of the command-line interface (CLI) of the NX-OS operating system of the Cisco Unified Computing System Central device’s centralized device management system allows a attacker to execute arbitrary commands.
The vulnerability of the command-line interface CLI of the NX-OS operating system in the Cisco Unified Computing System Central device management system exists due to insufficient verification of input data during the installation of updates. Exploiting this vulnerability allows an attacker to...
The vulnerability of the command-line interface (CLI) of the NX-OS operating system of the Cisco Unified Computing System Central device’s centralized device management system allows a attacker to execute any command they desire.
The vulnerability of the command-line interface CLI of the NX-OS operating system of the Cisco Unified Computing System Central device management system exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands with...
CVE-2017-8020
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server...
VulnCheck KEV: CVE-2024-12847
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild...
The vulnerability of the Screensavercc component in the eLux RP operating system allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the Screensavercc component in the eLux RP operating system is related to the lack of measures to protect input data. Exploiting this vulnerability allows a malicious actor to bypass configuration restrictions and execute arbitrary commands with root privileges by inserting...