Gryphon Tower 操作系统命令注入漏洞

A command injection vulnerability exists in Gryphon Tower, a wireless router from Gryphon, which stems from a failure to properly filter user input for special characters, commands, etc. in the parameters of operation 10 in the controllerserver service on the router. An unauthenticated, remote...

DEBIAN-CVE-2011-4125

A untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...

CVE-2011-4125

A untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...

CVE-2011-4125

A untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...

CVE-2021-3054

A time-of-check to time-of-use TOCTOU race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-...

GHSA-536P-4PCJ-5MR9 raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...

Command injection

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...

Vizio P65-F1 安全漏洞

The Vizio P65-F1 is a display from Vizio, Inc. A security vulnerability exists in the Vizio P65-F1 version 6.0.31.4-2 and the E50x-E1 version 10.0.31.4-2, which stems from a device that allows a threat actor to execute arbitrary code from a USB drive via the Smart Cast feature, as files on the US...

DNSStager - Hide Your Payload In DNS

DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting...

CVE-2021-31505

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mod...

CVE-2021-31505

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mod...

CVE-2021-1557

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. These vulnerabilities are due to insufficient restrictions during the execution of affected CLI...

SUSE: Security Advisory (SUSE-SU-2020:1533-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-28249

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...

CVE-2021-26720

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...

PT-2021-7394 · Debian +2 · Avahi +2

Name of the Vulnerable Software and Affected Versions: avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 Description: The issue is related to the execution of avahi-daemon-check-dns.sh as root via /etc/network/if-up.d/avahi-daemon, allowing a local attacker to cause a denial of...

UBUNTU-CVE-2021-25311

condorcredd in HTCondor before 8.9.11 allows Directory Traversal outside the SECCREDENTIALDIRECTORYOAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root...

CVE-2020-27555

Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...

VulnCheck KEV: CVE-2025-34054

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence...

CVE-2020-26574

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a...