Zyxel zhttpd and libclinkc.so buffer overflows

Added: 01/17/2023 CVE: CVE-2022-4510 Background Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem A buffer overflow vulnerability in Zyxel firewalls could allow a remote, unauthenticated attacker to execute arbitrary code by requesting a...

Windows Server Service buffer overflow MS08-067

Added: 10/24/2008 CVE: CVE-2008-4250 BID: 31874 OSVDB: 49243 Background The Windows Server service supports file, print, and named-pipe sharing over the network. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC reques...

Spring Cloud Function Remote Code Execution

Added: 04/05/2022 Background Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. Problem Spring Cloud Function has remote code execution vulnerability. An attacker could provide a craft...

Apache chunked encoding buffer overflow

Added: 05/08/2006 CVE: CVE-2002-0392 BID: 5033 OSVDB: 838 Background Apache web servers support chunked encoding, which is used by a web client to send data to the server in parts, or chunks. Problem A flaw in the calculation of the size of chunked encoding leads to a buffer overflow, allowing...

MediaTek wappd buffer overflow

Added: 09/30/2024 Background MediaTek Wi-Fi chipsets and SoftAP driver bundles include wappd , a network daemon responsible for configuring and managing wireless interfaces and access points. Problem A buffer overflow in wappd could allow remote code execution on a large variety of devices...

Reverse Shell Applet

Added: 10/10/2010 Background This tool runs an exploit server which delivers a signed java applet, embedded in an HTML page, to the target hosts. The user is presented with a signed digital certificate which, when accepted, establishes a reverse shell connection back to the exploit server. Proble...

Cisco ISE ERS InternalUser command injection

Added: 07/17/2025 Background Cisco Identity Services Engine ISE is a centralized user access control which provides network access policy for end users whether they connect through a wired or wireless network or by VPN. Problem A vulnerability in the Cisco ISE ERS API could allow remote,...

VMware Aria Operations for Networks default SSH key

Added: 09/06/2023 Background SSH Private keys are used for authentication for many devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker to gain remote, privileged access to the device. Probl...

Apache Struts double OGNL evaluation

Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...

Apache Struts forced OGNL evaluation

Added: 02/03/2021 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

TikiWiki file upload vulnerability (jhot.php)

Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...

Polkit pkexec privilege elevation

Added: 01/27/2022 CVE: CVE-2021-4034 Background Polkit is a Linux package for handling policies that allow unprivileged processes to communicate with privileged processes. It includes a tool called pkexec that allows the user to execute commands as another user according to the polkit policy...

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...

Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution

Added: 02/17/2023 Background Zoho ManageEngine ServiceDesk Plus is IT helpdesk software. Problem A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted SAMLResponse paramete...

FortiWLM progressfile command injection

Added: 03/18/2024 Background Fortinet Wireless Manager FortiWLM allows you to manage wireless networks on FortiGates. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the deleteprogressfile function with a specially crafted...

IBM Aspera Faspex YAML deserialization

Added: 04/13/2023 Background IBM Aspera Faspex is a centralized, high-speed transfer solution using the FASP protocol. Problem A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for relaypackage with specially crafted JSON content...

Weblizar School Management Pro plugin backdoor

Added: 08/12/2022 CVE: CVE-2022-1609 Background Weblizar School Management is a WordPress plugin for management of school operations. Problem The license checking code in School Management Pro contains a backdoor which allows remote attackers to execute arbitrary commands. Resolution Upgrade to t...

Unraid webGui remote code execution

Added: 04/30/2020 CVE: CVE-2020-5847 Background Unraid is a network-attached storage operating system. It runs a web-based graphical user interface webGui written in PHP. Problem The Unraid webGui uses the PHP extract function to load all GET parameters into the application as variables, allowing...

ProFTPD Telnet IAC buffer overflow

Added: 01/21/2011 CVE: CVE-2010-4221 BID: 44562 OSVDB: 68985 Background ProFTPD is free FTP Server software for Unix and Linux platforms. Problem A buffer overflow vulnerability in ProFTPD allows remote attackers to execute arbitrary commands by sending a TELNETIAC escape sequence to the FTP...

Microsoft IIS FTP Server NLST Command Remote Overflow

Added: 09/03/2009 CVE: CVE-2009-3023 BID: 36189 OSVDB: 57589 Background Microsoft Internet Information Server IIS includes a web server and an FTP server. Problem A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users t...

Ivanti Connect Secure and Policy Secure authentication bypass and command injection

Added: 01/18/2024 Background Ivanti Connect Secure is a web-based remote access VPN. Problem An authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands. Resolution Apply the...

VMware Cloud Foundation XStream Deserialization

Added: 10/31/2022 Background VMware Cloud Foundation is a hybrid cloud platform. Problem An XStream deserialization vulnerability in the NSM Manager component of VMware Cloud Foundation NSX-V allows a remote attacker to execute arbitrary commands. Resolution Apply the patch referenced in...

Oracle WebLogic Server BadAttributeValueExpException deserialization

Added: 05/27/2020 CVE: CVE-2020-2555 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpExceptio...

HP Performance Manager Apache Tomcat Policy Bypass

Added: 11/05/2010 CVE: CVE-2009-3548 BID: 36954 OSVDB: 60176 Background HP Performance Manager Software is a web-based analysis and visualization tool that analyzes performance trends of applications, systems, and services. HP Performance Manager incorporates Apache Tomcat 5 to help serve custom...

Spring Framework Data Binding vulnerability

Added: 04/05/2022 Background The Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications. Problem Spring Framework is affected by a data binding vulnerability when running with JDK 9 or higher. The vulnerability allows remote cod...

netkit telnetd nextitem vulnerability

Added: 03/24/2020 Background netkit telnetd is a server implementation of the Telnet protocol which comes with many Linux and Unix operating systems. Problem An unbounded read and write condition in the nextitem function allows remote attackers to execute arbitrary commands on the server...

Linux Dirty COW Local File Overwrite

Added: 10/27/2016 CVE: CVE-2016-5195 BID: 93793 Background This tool allows you to overwrite an arbitrary file on Linux systems. Problem A race condition exists in the way the Linux kernel's memory subsystem handles the copy-on-write COW breakage of private read-only memory mappings. An...

Adobe Flash Player callMethod Bytecode Memory Corruption

Added: 04/21/2011 CVE: CVE-2011-0611 BID: 47314 OSVDB: 71686 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem A memory corruption vulnerability allows command execution when the browser loads a specially crafted Small Web Forma...

IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010 CVE: CVE-2010-0557 BID: 38084 OSVDB: 62118 Background IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...

Citrix ADC nsppe buffer overflow

Added: 08/09/2023 CVE: CVE-2023-3519 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Problem A buffer overflow vulnerability in the nsppe process in Citrix ADC allows an unauthenticated attacker to execute arbitrary commands by making a special...

Microsoft Azure Open Management Infrastructure remote command execution

Added: 09/28/2021 Background Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. Problem A vulnerability in Open Management Infrastructure allows remote attackers to execute...

Commvault Command Center upload path traversal

Added: 05/16/2025 Background Commvault is a unified backup and recovery solution for cloud ready organizations. It gives complete backup and recovery protection for your business to cover all data wherever it resides. Problem A path traversal vulnerability allows unauthenticated users to upload...

VMware VCenter Server file upload

Added: 02/25/2021 Background VMware VCenter Server is server management software for controlling VMware VSphere environments. Problem A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command executio...

Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability

Added: 10/24/2014 CVE: CVE-2014-4114 BID: 70419 OSVDB: 113140 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For...

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade to...

PaperCut authentication bypass

Added: 05/12/2023 Background PaperCut is print management software. It includes a web interface written in Java. Problem An authentication bypass vulnerability in the SetupCompleted class allows a remote, unauthenticated attacker to execute arbitrary code in the context of SYSTEM. Resolution...

Citect SCADA ODBC Service Overflow

Added: 03/10/2009 CVE: CVE-2008-2639 BID: 29634 OSVDB: 46105 Background The CitectSCADA and CitectFacilities applications include ODBC server capabilities to provide remote SQL access to a relational database. The ODBC Server component listens on port 20222/tcp by default. Problem A buffer overfl...

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

Kolibri WebServer HTTP GET Request Handling Buffer Overflow

Added: 08/07/2014 CVE: CVE-2014-4158 BID: 68195 OSVDB: 108090 Background SENKAS Kolibri Webserver is a free very simple web server for Microsoft Windows that supports serving static web content. Problem Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...

Apache HugeGraph Gremlin command injection

Added: 08/20/2024 Background Apache HugeGraph is a graph database. HugeGraph supports Gremlin, a graph traversal language. Problem A vulnerability in Apache HugeGraph allows remote attackers to bypass sandbox restrictions and execute arbitrary commands through Gremlin. Resolution Upgrade to...

D-Link NAS nas_sharing.cgi command injection

Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage NAS devices allow different clients to connect to a centralized disk on a Local Area Network LAN. Problem A backdoor and a command injection vulnerability in the nassharing.cgi script allow a remote attacker to execut...

Symantec Endpoint Protection Manager authentication bypass

Added: 08/26/2015 CVE: CVE-2015-1486 BID: 76074 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager SEPM. Problem Symantec Endpoint...

Aviatrix Controller list_flightpath_destination_instances command injection

Added: 02/04/2025 Background Aviatrix Controller is a cloud networking platform that manages connectivity of cloud and hybrid networks. Problem A command injection vulnerability in the listflightpathdestinationinstances API action allows remote attackers to execute arbitrary commands. Resolution...

Airspan AirSpot pingDiagnostic command injection

Added: 09/27/2022 Background Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users. Problem A command injection vulnerability when diagnostics.cgi handles the pingDiagnostic command...

MagicINFO SWUpdateFileUploader remote command execution

Added: 05/23/2025 CVE: CVE-2025-4632 Background MagicINFO is digital signage software from Samsung. Problem A path traversal, unsafe file upload, and missing authentication vulnerability allows remote, unauthenticated attackers to upload arbitrary files to the server and then execute them using a...

Linux Dirty COW Local File Overwrite

Added: 10/27/2016 CVE: CVE-2016-5195 BID: 93793 Background This tool allows you to overwrite an arbitrary file on Linux systems. Problem A race condition exists in the way the Linux kernel's memory subsystem handles the copy-on-write COW breakage of private read-only memory mappings. An...

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

PHPMailer Command Injection in WordPress Core via Exim

Added: 05/17/2017 BID: 95108 Background Wordpress is a free and open-source content management system CMS based on PHP and MySQL. WordPress uses PHPMailer, which is a PHP class used for sending email from PHP. PHPMailer provides an interface to the system's mail transfer agent MTA, such as...