CVE-2025-59106 Web Server Running with Root Privileges in dormakaba access manager
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities, it is possible to directly execute commands...
CVE-2025-59106
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities, it is possible to directly execute commands...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There is a security vulnerability in the Dormakaba Access Manager, which stems from the Web server binary running with root privileges, potentially leading to an increase in...
PT-2023-18566 · Unknown · White Rabbit Switch
Name of the Vulnerable Software and Affected Versions: White Rabbit Switch affected versions not specified Description: The issue allows an attacker to perform system commands under the context of the web application. By default, the web server runs as the root user, which can be exploited...
CVE-2022-32535
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch...
CVE-2022-25591
BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request...
PT-2022-12982 · Tenable · Tenable.Sc
Name of the Vulnerable Software and Affected Versions: Tenable.sc versions 5.14.0 through 5.19.1 Description: A remote code execution issue was discovered, allowing a remote, unauthenticated attacker to execute code under special circumstances. The attacker must first stage a specific file type i...
CVE-2017-6398
An issue was discovered in Trend Micro InterScan Messaging Security Virtual Appliance 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user which is root. Besides, the default installation of IMSVA comes with default administrator credentials. The...
ADA IMGSVR 0.4 - Remote File Download Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10027/info A vulnerability has been reported in the ImgSvr server software that may allow a remote user to retrieve arbitrary files from the web server root directory and any subdirectories therein. An attacker may...
ADA IMGSVR 0.4 - Arbitrary File Download
source: https://www.securityfocus.com/bid/10027/info A vulnerability has been reported in the ImgSvr server software that may allow a remote user to retrieve arbitrary files from the web server root directory and any subdirectories therein. An attacker may leverage this issue to gain access t...
GWeb HTTP Server 0.50.6 - Directory Traversal
GWeb HTTP Server 0.50.6 - Directory Traversal source: https://www.securityfocus.com/bid/9742/info It has been reported that GWeb is prone to a directory traversal vulnerability. The issue is due to the server's failure to properly validate user-supplied HTTP requests. This issue may allow an...