CVE-2022-24388

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

CVE-2022-24388

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

CVE-2022-0997

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a...

GHSA-MF7C-35MQ-75PJ Insecure Inherited Permissions in Apache Hadoop

In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user...

CVE-2022-27224

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected Ping, Traceroute, and...

CVE-2022-20779

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

CVE-2022-20777

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

CVE-2022-20780

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

CVE-2022-20780

CVE-2022-20780 is one of three Cisco NFVIS flaws affecting Cisco Enterprise NFV Infrastructure Software. Connected sources confirm concrete details: the issues enable an authenticated or unauthenticated remote attacker to escape a guest VM to the NFVIS host, inject commands that execute at root l...

CVE-2021-45837

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending a specifically crafted input to /tos/index.php?app/del...

CVE-2021-45836

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...

TerraMaster FS-210安全漏洞

The Terramaster TerraMaster FS-210 is a NAS Network Attached Storage device from Tumi Electronic Technology Terramaster in Shenzhen, China. A security vulnerability exists in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, which can be exploited by sending a special command to...

TerraMaster FS-210安全漏洞

The Terramaster TerraMaster FS-210 is a NAS Network Attached Storage device from Tumi Electronic Technology Terramaster in Shenzhen, China. A security vulnerability exists in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, which can be exploited by sending a special command to...

TerraMaster TOS 安全漏洞

TerraMaster TOS is a Linux-based operating system from China's TerraMaster, dedicated to the TerraMaster Cloud Storage NAS server. TerraMaster TOS has a security vulnerability that can be exploited by sending special input to /tos/index.php?app/del to execute arbitrary commands as root. The...

CVE-2021-42324

An issue was discovered on DCN Digital China Networks S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell...

GlobalProtect-Openconnect 安全漏洞

GlobalProtect-Openconnect is a GlobalProtect VPN client GUI for Linux based on OpenConnect and built with Qt5 to support SAML authentication mode. A security vulnerability exists in GlobalProtect-Openconnect, which is caused by GlobalProtect-Openconnect being set up in a way that allows an...

SonicWall SMA 100 Series Authenticated Command Injection Exploit

This Metasploit module exploits an authenticated command injection vulnerability in the SonicWall SMA 100 series web interface. Exploitation results in command execution as root. The affected versions are 10.2.1.2-24sv and below, 10.2.0.8-37sv and below, and 9.0.0.11-31sv and below. This module...

Netgear Nighthawk R6700 授权问题漏洞

The Netgear Nighthawk R6700 is a wireless router from Netgear USA. An authorization issue vulnerability exists in the Netgear Nighthawk R6700 that stems from the product's lack of adequate protection for UART console access. The vulnerability can be exploited by an attacker to execute commands as...

PT-2021-5078 · Cisco · Rv082 +5

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV016 versions affected versions not specified Cisco Small Business RV042 versions affected versions not specified Cisco Small Business RV042G versions affected versions not specified Cisco Small Business RV082 versions...

CVE-2021-34755

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory...