CVE-2021-1435

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted...

USN-4875-1 opensmtpd vulnerabilities

It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...

The vulnerability of the installation package verification subsystem of the Junos operating system, allowing a attacker to execute arbitrary commands with root privileges

The vulnerability of the Junos operating system’s installation package’s verification subsystem is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with ro...

CVE-2021-26679

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying...

net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool allows a perpetrator to execute arbitrary commands.

The vulnerability of the web interface of the Cisco Smart Software Manager On-Prem administration tool is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges remotely...

CVE-2021-1316

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper...

CVE-2021-1318

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper...

CVE-2021-25310

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002US20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the uilanguage POST parameter to the apply.cgi form endpoint. This occurs in doupgradepost in...

Belkin LINKSYS WRT160NL 操作系统命令注入漏洞

The Belkin LINKSYS WRT160NL is a wireless router from Belkin USA. A security vulnerability exists in Belkin Linksys WRT160NL 1.0.04.002US20130619, which stems from a failure to properly filter special characters, commands, etc. within it. A remote authenticated attacker could execute system...

CVE-2020-15836

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root...

net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVE-2021-1150

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of...

SolarWinds N-Central Access Control Error Vulnerability

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

CVE-2020-25618

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

CVE-2020-25617

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console NAC, leading to execution of OS commands as root...

SolarWinds N-Central 路径遍历漏洞

SolarWinds N-Central is a remote monitoring and management automation solution for managed service providers and IT professionals. A relative path traversal vulnerability exists in the AdvancedScripts HTTP endpoint in SolarWinds N-Central 12.3.0.670. An attacker can exploit the vulnerability to...

Multiple D-Link Router Products Input Validation Error Vulnerability

The D-link DSR-250, among others, is a Unified Services router from China-based AUO D-link. An input validation error vulnerability exists in D-Link DSR VPN routers with firmware 3.14 and 3.17, which stems from a lack of input validation and access control, and could lead to arbitrary input being...

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three securi...

net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...