632 matches found

CNNVD
added 2021/10/18 12:0 a.m. | 3 views

128 Technology Session Smart Router authorization issue vulnerability

128 Technology Session Smart Router is a router. An authorization issue vulnerability exists in the 128 Technology Session Smart Router that stems from an error in the product's handling of authentication requests. An attacker could bypass authentication and execute arbitrary system commands with...

CVSS 9.8 | AI score 8.7 | EPSS 0.01666
Exploits: 0 | References: 2
CNNVD
added 2021/10/15 12:0 a.m. | 1 views

Aruba ClearPass Policy Manager path traversal vulnerability

HPE Aruba ClearPass Policy Manager is a network access control (NAC) solution. A directory traversal vulnerability exists in HPE Aruba ClearPass Policy Manager. An attacker can exploit the vulnerability to execute arbitrary commands on the server as the root user, which could result in complete system...

CVSS 9 | AI score 6.1 | EPSS 0.03807
Exploits: 0 | References: 2
OSV
added 2021/08/24 1:15 p.m. | 20 views

CVE-2021-38557

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...

CVSS 8.8 | AI score 7.2
Exploits: 0 | References: 3
NVD
added 2021/08/24 1:15 p.m. | 9 views

CVE-2021-38557

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...

CVSS 9 | EPSS 0.02224
Exploits: 1 | References: 3
CVE
added 2021/08/24 12:33 p.m. | 78 views

CVE-2021-38557

Affected software: raspap-webgui (RaspAP) 2.6.6. Root cause: insecure sudoers permissions permit the www-data user to run /etc/raspap/hostapd/enablelog.sh as root without a password and to overwrite that script with arbitrary executable content. Impact: potential remote code execution as root. Ex...

CVSS 9 | AI score 8.8 | EPSS 0.02224
Exploits: 1 | References: 3 | Affected Software: 1
BDU FSTEC
added 2021/08/13 12:0 a.m. | 5 views

The vulnerability in the web interface of the Cisco Intersight Virtual Appliance software for managing cloud systems allows a perpetrator to execute arbitrary commands with root privileges.

The vulnerability of the web interface for managing Cisco Intersight Virtual Appliance software exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands with root privileges remotely...

CVSS 9.4 | AI score 7.4 | EPSS 0.02704
Exploits: 0 | References: 3 | Affected Software: 1
VulnCheck KEV
added 2021/08/06 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2021-1497

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user...

CVSS 10 | AI score 7.5 | EPSS 0.99928
Exploits: 5 | References: 1
CNNVD
added 2021/08/03 12:0 a.m. | 5 views

Fortinet FortiPortal trust management issue vulnerability

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal has a trust management issue vulnerability, which stems from the...

CVSS 10 | AI score 6 | EPSS 0.03333
Exploits: 0 | References: 3
OSV
added 2021/06/28 1:15 a.m. | 2 views

CVE-2021-20740

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08NEC2.5.4a and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08NEC3.4.2 allow remote authenticated attackers to execute arbitrary...

CVSS 8.8 | AI score 6 | EPSS 0.0311
Exploits: 0 | References: 3
OSV
added 2021/06/16 6:15 p.m. | 2 views

CVE-2021-1571

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attac...

CVSS 6.1 | AI score 7.2 | EPSS 0.09721
Exploits: 0 | References: 1
OSV
added 2021/06/16 6:15 p.m. | 2 views

CVE-2021-1542

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attac...

CVSS 8.1 | AI score 7.2 | EPSS 0.01387
Exploits: 0 | References: 1
OSV
added 2021/06/16 6:15 p.m. | 2 views

CVE-2021-1541

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attac...

CVSS 7.2 | AI score 7.2 | EPSS 0.0875
Exploits: 0 | References: 1
Japan Vulnerability Notes
added 2021/06/01 6:18 a.m. | 1 views

Multiple vulnerabilities in Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers

Overview: Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers provided by Buffalo Inc. contain multiple vulnerabilities listed below. Improper access control (CWE-284) - CVE-2021-20730; OS command injection (CWE-78) - CVE-2021-20731. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC...

CVSS 8.8 | AI score 8 | EPSS 0.00593
Exploits: 0 | References: 8
OSV
added 2021/05/04 4:15 p.m. | 2 views

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in the pingTest PHP script...

CVSS 8.8 | AI score 6 | EPSS 0.05242
Exploits: 2 | References: 2
OSV
added 2021/05/04 1:30 p.m. | 0 views

UBUNTU-CVE-2020-28026

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

CVSS 9.8 | AI score 7.2 | EPSS 0.09285
Exploits: 1 | References: 4
CNNVD
added 2021/05/04 12:0 a.m. | 4 views

iWT FaceSentry Access Control System operating system command injection vulnerability

iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. iWT FaceSentry Access Control System 6.4.8 suffers from an operating system command injection vulnerability that allows authenticated injection of OS commands using default credentials...

CVSS 9 | AI score 8.4 | EPSS 0.05242
Exploits: 2 | References: 3
NCSC
added 2021/04/29 12:0 a.m. | 4 views

Vulnerabilities fixed in Cisco ASA and FTD

Vulnerabilities have been fixed in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD). A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service or execute arbitrary commands in the underlying operating system with the privilege...

CVSS 8.6 | AI score 7.4 | EPSS 0.85439
Exploits: 2
OSV
added 2021/04/28 1:15 a.m. | 3 views

CVE-2021-3512

Improper access control vulnerability in Buffalo broadband routers BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and...

CVSS 8.8 | AI score 6 | EPSS 0.00857
Exploits: 0 | References: 2
OSV
added 2021/04/08 4:15 a.m. | 1 views

CVE-2021-1485

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of...

CVSS 7.8 | AI score 7.3
Exploits: 0 | References: 1
OSV
added 2021/03/24 8:15 p.m. | 2 views

CVE-2021-1433

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this...

CVSS 8.1 | AI score 6.4
Exploits: 0 | References: 1