409 matches found
CVE-2021-45836
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...
CVE-2021-45840
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending specifically crafted input to /tos/index.php?app/appstartstop...
CVE-2020-16204
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W all versions...
CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...
CVE-2025-20256
A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...
CVE-2025-20256
A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...
CVE-2025-25504
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC In AV over IP products v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges...
CVE-2025-43595 MSP360 Backup (for Linux) insecure filesystem permissions
An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 released on 2025-04-22...
PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deploye...
CVE-2025-29987
Dell PowerProtect Data Domain with Data Domain Operating System DD OS versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root...
Security Bulletin: Vulnerability in OpenPrinting CUPS affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in OpenPrinting CUPS has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
CVE-2025-20117
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due t...
Azure Linux 3.0 Security Update: cups (CVE-2024-35235)
The version of cups installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35235 advisory. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versio...
CVE-2025-20124
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...
Cisco AsyncOS 输入验证错误漏洞
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...
vivo ABE service 安全漏洞
vivo ABE service is a cell phone service program from the Chinese company Vivo. A security vulnerability exists in vivo ABE service, which stems from a flaw in the validation of input parameters, which allows an attacker to enter carefully constructed commands to cause ABE service to execute some...
PT-2024-35974 · Barco · Barco Clickshare Core +5
Name of the Vulnerable Software and Affected Versions: Barco ClickShare CX-30/20, C-5/10, ClickShare Bar Pro, and Core models versions prior to 2.21.1 Description: An injection vulnerability allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution a...
PT-2024-9475 · Advantech · Advantech Eki-6333Ac-2G +1
Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A vulnerability was discovered in the "edgserver" service of Advantech's...
Enel X Waybox 安全漏洞
The Enel X Waybox is a home charging station from Enel X, Inc. A security vulnerability exists in version 3.0 of the Enel X Waybox that stems from incorrect file ownership of the Privileged Services Library, which results in an attacker would be able to execute arbitrary operating system commands...
CVE-2024-20374
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating...