CVE-2025-34332 AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\F2MAdmin\F2E\AudioCodesfiles\utils\Services. When certain service actions are...

CVE-2025-34332

CVE-2025-34332 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web administration component runs Windows service actions via helper batch scripts in C:\F2MAdmin\F2E\AudioCodes_files\utils\Services. When service actions are requested through ajaxPost.php, PH...

PT-2025-47481

Name of the Vulnerable Software and Affected Versions AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 Description The web administration component of the software controls Windows services using batch scripts located under C:F2MAdminF2EAudioCodes...

CVE-2025-34323

Nagios Log Server is vulnerable in versions prior to 2026R1.0.1 due to an unsafe interaction between passwordless sudo rules and group-writable script directories. The www-data user is in the nagios group, which has write access to /usr/local/nagioslogserver/scripts, while scripts in that directo...

CVE-2025-34323 Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...

Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

Ensure That Scripts Writable by Low-Privilege Users Cannot Be Configured in the sudoers Configuration File

The sudo command enables a specified common user to execute certain programs with the root permission. The corresponding configuration file is /etc/sudoers. The administrator can configure rules to enable some scripts or binary files to run with the root permission. Therefore, only the root user...

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell

!/usr/bin/env python Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: = 4.7.18.0.eden Logic ver: 6.00 Summary: EVE is a smart home and building automation solution designed for both residential and commercial...