632 matches found

Metasploit
added 2018/07/05 6:31 p.m. | 12 views

HP VAN SDN Controller Root Command Injection

This module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller <= 2.7.18.0503 to execute a payload as...

7.9 AI score
Exploits 0
0day.today
added 2018/06/22 12:0 a.m. | 95 views

Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution Vulnerability

Exploit for linux platform in category remote exploits Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Vendor KB: https://support.emc.com/kb/521234 Github:...

7.1 AI score | 0.43287 EPSS
Exploits 12
exploitpack
added 2018/06/21 12:0 a.m. | 27 views

Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution

Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Date: 2018-06-21 Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Exploit Author: Paul Taylor Vendor Advisory: DSA-2018-095 Vendor KB...

10 CVSS | 0.4 AI score | 0.43287 EPSS
Exploits 12
Exploit DB
added 2018/06/21 12:0 a.m. | 49 views

Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution

Exploit Title: Dell EMC RecoverPoint &2 root@recoverpoint:/ id uid=0root gid=0root groups=0root root@recoverpoint:/...

10 CVSS | 9.6 AI score | 0.43287 EPSS
Exploits 12
BDU FSTEC
added 2018/06/14 12:0 a.m. | 5 views

The vulnerability of the apply.cgi component in ASUS router firmware allows an attacker to execute arbitrary commands with root privileges.

The vulnerability of the apply.cgi component in ASUS router firmware exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the...

10 CVSS | 5.9 AI score | 0.03613 EPSS
Exploits 3 | References 3 | Affected Software 11
CNVD
added 2018/05/03 12:0 a.m. | 3 views

Apache Hadoop elevation of privilege vulnerability (CNVD-2018-10426)

Apache Hadoop is an open source distributed systems infrastructure from the Apache Software Foundation (U.S.). It supports distributed processing of large amounts of data and offers high reliability, high scalability, high fault tolerance and other characteristics. Apache Hadoop 2.2.0 to 2.7.3...

9 CVSS | 7.5 AI score | 0.0262 EPSS
Exploits 1 | References 1
OSV
added 2018/04/19 1:29 p.m. | 1 views

CVE-2018-1144

A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi...

9.8 CVSS | 5.9 AI score | 0.06981 EPSS
Exploits 1 | References 1
BDU FSTEC
added 2018/04/19 12:0 a.m. | 3 views

The vulnerability of the XPC interface implementation for accessing the CactusVPN VPN service allows a perpetrator to execute system commands with root privileges.

The vulnerability of the XPC interface implementation for accessing the CactusVPN VPN service is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute system commands with root privileges...

10 CVSS | 5.7 AI score | 0.0186 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2018/02/22 10:29 p.m. | 1 views

CVE-2018-0015

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is...

7.5 CVSS | 5.7 AI score | 0.01074 EPSS
Exploits 0 | References 1
OSV
added 2018/02/14 7:29 p.m. | 1 views

CVE-2017-6230

Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems...

8.8 CVSS | 5.9 AI score | 0.02268 EPSS
Exploits 0 | References 1
NVD
added 2018/02/14 7:29 p.m. | 18 views

CVE-2017-6229

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute...

9 CVSS | 8.9 AI score | 0.02268 EPSS
Exploits 0 | References 1
OSV
added 2018/02/14 7:29 p.m. | 3 views

CVE-2017-6229

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute...

8.8 CVSS | 5.9 AI score | 0.02268 EPSS
Exploits 0 | References 1
CVE
added 2018/02/14 7:0 p.m. | 59 views

CVE-2017-6230

The CVE-2017-6230 entry concerns Ruckus Networks Solo APs (firmware R110.x or earlier) and SZ managed APs (firmware R5.x or earlier). It describes an authenticated Root Command Injection vulnerability in the web-GUI, enabling an authenticated user to execute privileged commands on affected system...

9 CVSS | 8.8 AI score | 0.02268 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2018/02/07 3:0 p.m. | 13 views

CVE-2018-6822

In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root...

9.7 AI score | 0.01511 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2018/01/24 12:0 a.m. | 2 views

The vulnerability of the system scripts of the automation software Application Policy Infrastructure Controller allows a perpetrator to execute arbitrary commands with root privileges.

The vulnerability of system scripts in the automation software Application Policy Infrastructure Controller, when installed during the download process, is related to the lack of measures to neutralize special elements used in commands. Exploiting this vulnerability allows an attacker to enhance...

7.2 CVSS | 5.8 AI score | 0.00445 EPSS
Exploits 0 | References 4 | Affected Software 1
BDU FSTEC
added 2018/01/24 12:0 a.m. | 3 views

The vulnerability of the command-line interface (CLI) of the NX-OS operating system of the Cisco Unified Computing System Central device’s centralized device management system allows an attacker to execute arbitrary commands.

The vulnerability of the command-line interface CLI of the NX-OS operating system in the Cisco Unified Computing System Central device management system exists due to insufficient verification of input data during the installation of updates. Exploiting this vulnerability allows an attacker to...

7.2 CVSS | 5.9 AI score | 0.0068 EPSS
Exploits 0 | References 3 | Affected Software 2
BDU FSTEC
added 2018/01/24 12:0 a.m. | 3 views

The vulnerability of the command-line interface (CLI) of the NX-OS operating system of the Cisco Unified Computing System Central device’s centralized device management system allows an attacker to execute any command they desire.

The vulnerability of the command-line interface CLI of the NX-OS operating system of the Cisco Unified Computing System Central device management system exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands with...

7.2 CVSS | 5.9 AI score | 0.00603 EPSS
Exploits 0 | References 3 | Affected Software 2
seebug.org
added 2017/12/15 12:0 a.m. | 72 views

Linksys WVBR0-25 Command Injection (CVE-2017-17411)

In this guest blog, Trend Micro DVLabs researcher Ricky Lawshae discusses the recently disclosed CVE-2017-17411. He discovered and reported this bug through the ZDI program. Earlier this year, I learned that AT&T was starting to move customers away from its U-Verse service in favor of its DirecTV...

10 CVSS | 10 AI score | 0.87929 EPSS
Exploits 9
OSV
added 2017/11/28 7:29 a.m. | 2 views

CVE-2017-8020

An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server...

9.8 CVSS | 6.3 AI score
Exploits 0 | References 2
VulnCheck KEV
added 2017/11/01 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2024-12847

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild...

9.8 CVSS | 7.6 AI score | 0.28986 EPSS
Exploits 1 | References 1