82 matches found
EUVD-2025-205437
An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...
CVE-2018-25148 Microhard Systems IPn4G 1.1.0 Remote Code Execution via Admin Interface
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...
CVE-2025-67722
FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to versions 16.0.45 and 17.0.24 of the FreePBX framework, an authenticated local privilege escalation exists in the deprecated FreePBX startup script amportal. In the deprecated amportal utility, the...
SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin
Summary Siyuan is vulnerable to RCE. The issue stems from a "Zip Slip" vulnerability during zip file extraction, combined with the ability to overwrite system executables and subsequently trigger their execution. Steps to reproduce 1. Authenticate 2. Create zip slip payload with path traversal...
GHSA-4R66-7RCV-X46X SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin
Summary Siyuan is vulnerable to RCE. The issue stems from a "Zip Slip" vulnerability during zip file extraction, combined with the ability to overwrite system executables and subsequently trigger their execution. Steps to reproduce 1. Authenticate 2. Create zip slip payload with path traversal...
CVE-2025-63296
KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anykaservice.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...
Debian dla-4326 : asterisk - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4326 advisory. Debian LTS Advisory DLA-4326-1 [email protected]...
EUVD-2017-14039
Malware in sbrugna...
EUVD-2020-4336
Malware in sbrugna...
EUVD-1999-1517
Malware in sbrugna...
EUVD-2025-30828
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-1131
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this scrip...
DEBIAN-CVE-2025-1131
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating...
CVE-2025-1131
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating...
UBUNTU-CVE-2025-1131
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating...
PT-2025-39117
Name of the Vulnerable Software and Affected Versions: Asterisk toolkit (affected versions not specified). Description: A local privilege escalation issue exists in the safe_asterisk script. When Asterisk starts using this script, it executes all .sh files in the /etc/asterisk/startup.d/ directory as...
Asterisk Security Vulnerability
Asterisk is open source software for PBX systems that runs on Linux and supports IP calls using the SIP, IAX, and H323 protocols. Asterisk has a security vulnerability that originates from not verifying the ownership or permissions of the .sh file in the /etc/asterisk/startup.d directory,...
Array Networks vAPV and Array Networks vxAG Security Vulnerability
Array Networks vAPV and Array Networks vxAG are both products of Array Networks, Inc. of the U.S.A. Array Networks vAPV is a Virtual Application Delivery Controller. Array Networks vxAG is a Virtual Secure Access System. A security vulnerability exists in Array Networks vAPV version 8.3.2.17 and...
PT-2024-20282 · Wanxing Technology · Yitu
Name of the Vulnerable Software and Affected Versions: Wanxing Technology's Yitu project (affected versions not specified). Description: A remote code execution issue exists in the project management of Wanxing Technology's Yitu project. This allows an attacker to use the exp.adpx file as a zip...
CVE-2024-6240
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacke...