309 matches found
CVE-2025-20238
CVE-2025-20238 affects Cisco Secure Firewall ASA/FTD software. The issue arises from insufficient input validation of user-supplied commands, enabling an authenticated local attacker with valid admin credentials to execute arbitrary commands on the underlying OS with root privileges. Exploitation...
PT-2025-33325 · Cisco · Cisco Secure Firewall Adaptive Security Appliance (Asa) +1
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software affected versions not specified Description: A vulnerability exists in Cisco Secure Firewall Adaptive Security Appliance ASA...
CVE-2025-43984
CVE-2025-43984 affects KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2; Software Version: GC111-GL-LM321_V3.0_20191211). An unauthenticated POST to the endpoint /goform/goform_set_cmd_process , using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root priv...
CVE-2025-34148
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...
VulnCheck KEV: CVE-2014-125123
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...
CVE-2025-52089
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges...
CVE-2025-34055
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed...
PT-2025-27248 · Unknown · Sight Bulb Pro
Name of the Vulnerable Software and Affected Versions: Sight Bulb Pro affected versions not specified Description: The issue allows unauthenticated users on an adjacent network to run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This enables an...
Puppet Enterprise Administration Module 安全漏洞
Puppet Enterprise Administration Module PEADM is an open source Puppet module from Puppet that defines the Bolt program. It is used to automate Puppet Enterprise deployments. A security vulnerability exists in the Puppet Enterprise Administration Module versions 2018.1.8 through 2023.8.3 and...
CVE-2025-4230
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this...
The vulnerability of the ping tool in the web interface of the microprogramming software for routing and switching platform RUGGEDCOM ROX series, MX (MX5000, MX5000RE) and RX (RX1400, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000), allows a hacker to execute arbitrary code.
The vulnerability of the ping tool in the web interface of the microprogramming software for routing and switching platform RUGGEDCOM ROX models series MX MX5000, MX5000RE and RX RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 is related to the absence of a mechanism to...
CVE-2025-20278
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied...
CVE-2024-20306
A vulnerability in the Unified Threat Defense UTD configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...
CVE-2023-32612
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege...
CVE-2025-40582
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device...
CVE-2025-40582
The CVE-2025-40582 entry concerns Siemens SCALANCE LPE9403 devices with SINEMA Remote Connect Edge Client installed. The vulnerability arises from improper sanitization of configuration parameters, enabling a non-privileged local attacker to execute root commands on the device. Affected products ...
PT-2025-16007 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: PAN-OS versions affected versions not specified Description: A command injection issue in PAN-OS software allows an authenticated administrator to bypass system restrictions and execute arbitrary commands as a root user. This issue is specifi...
CVE-2025-27494
A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V6.4.9, SiPass integrated ACC-AP All versions V6.4.9. Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...
The vulnerability of the “edgserver” service in the microprogramming software for multifunctional wireless access points of Advantech models EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the “edgserver” service in the microprogramming-based wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO models exists due to the failure to take measures to neutralize the special elements used in the operating system commands. Exploiting...
CVE-2024-10771
Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level ”Service”, an attacker can execute arbitrary system commands in the root user’s contexts...