ZeroShell <= 1.0beta11 Remote Code Execution

ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. id: CVE-2009-0545 info: name: ZeroShell = 1.0beta11 Remote Code Execution author: geeknik severity: critica...

Zeroshell 3.9.3 - Command Injection

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. id: CVE-2020-29390 info: name: Zeroshell 3.9.3 - Command...

Zeroshell 3.9.0 - Remote Command Execution

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. id: CVE-2019-12725 info...

CVE-2019-12725

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...

EUVD-2021-28750

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

CVE-2021-41738

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands...

CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

Zeroshell vulnerable to OS command injection

Overview The web interface of Zeroshell, Linux distribution provided by Zeroshell.org, contains an OS command injection vulnerability CWE-78. Hirukawa Norihiko of MYT Consulting Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

JVN#44033918: Zeroshell vulnerable to OS command injection

The web interface of Zeroshell, Linux distribution provided by Zeroshell.org, contains an OS command injection vulnerability CWE-78. Impact Processing a crafted HTTP request may lead to an arbitrary OS command execution. Solution Stop using the product The developer states that the affected produ...

CVE-2021-41738

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands...

CVE-2021-41738

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands...

Command injection

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands...

CVE-2021-41738

ZeroShell 3.9.5 is affected by a command injection in the /cgi-bin/kerbynet endpoint (IP parameter). An authenticated attacker could execute system commands through this parameter. Affected product/version: ZeroShell 3.9.5. Root cause: command injection via the IP parameter in kerbynet. Impact: p...

CVE-2021-41738

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands...

Zeroshell 操作系统命令注入漏洞

Zeroshell is a Linux distribution for servers and embedded systems. Zeroshell version 3.9.5 suffers from an operating system command injection vulnerability that stems from a command injection issue in the /cgi-bin/kerbynet IP parameter. An authenticated attacker can use this vulnerability to...

PT-2022-11471 · Zeroshell · Zeroshell

Name of the Vulnerable Software and Affected Versions: ZeroShell version 3.9.5 Description: The issue is a command injection vulnerability in the "/cgi-bin/kerbynet" API endpoint, specifically in the IP parameter. This may allow an authenticated attacker to execute system commands. Recommendation...

Exploit for OS Command Injection in Zeroshell

CVE-2019-12725 CVE-2019-12725 ZeroShell 远程命令执行漏洞 =================================================== 自己的练习项目...

Exploit for OS Command Injection in Zeroshell

POC CVE-2019-12725-Remote-Command-Execution ZeroShell 3.9.0 R...

Command Execution Vulnerability in ZeroShell Net Service

zeroshell is a routing software that runs under a linux server. A command execution vulnerability exists in ZeroShell Net Service, which can be exploited by an attacker to gain control of the server...