12 matches found
CVE-2026-55740
Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...
EUVD-2025-23526
Malicious code in bioql PyPI...
CVE-2022-33184
A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account...
Cisco SD-WAN Software Arbitrary File Corruption (cisco-sa-sdwan-privesc-cli-xkGwmqKu)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to...
CVE-2021-27790
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as...
BSA-2021-1492
Security Advisory ID : BSA-2021-1492 Component : ipfilter Revision : 1.1 The command “ipfilter” in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to...
Input validation
A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...
CVE-2017-10604 Junos OS: SRX Series: Cluster configuration sync failures occur if the root user account is locked out
When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operatio...
Supermicro IPMI Firmware CGI Scanner Remote Code Execution (CVE-2013-3621; CVE-2013-3623)
A buffer overflow vulnerability has been reported in the Supermicro IPMI Firmware. A remote attacker may exploit this issue by sending specially crafted messages to the target server. Exploitation of these vulnerabilities may result in remote code execution as the root user account...
rsh Excessive Trust Vulnerability
Added: 01/25/2013. CVE: CVE-1999-0515. Background: The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts, those machines allowed to use the service...
DD-WRT HTTP Daemon Arbitrary Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'DD-WRT HTTP...
DD-WRT HTTP Daemon Arbitrary Command Execution
This module abuses a metacharacter injection vulnerability in the HTTP management server of wireless gateways running DD-WRT. This flaw allows an unauthenticated attacker to execute arbitrary commands as the root user account. This module requires Metasploit: https://metasploit.com/download Curre...