| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC. |
| An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters (uploadType=eoffice_logo or uploadType=theme). An attacker can exploit this flaw by sending a crafted HTTP POST request to upload arbitrary files without requiring authentication. Successful exploitation could enable remote code execution on the affected server, leading to complete compromise of the web application and potentially the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC. |
| A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests. These commands are executed with the privileges of the web server process, enabling remote code execution and potential full device compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC. |
| An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which are unsafely embedded into backend system calls without proper input sanitization. Successful exploitation results in remote code execution with root privileges. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-02 UTC. |
| An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC. |
| An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-01 UTC. |
| An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC. |
| An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC. |
| A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-13 UTC. |
| A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
| A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory, potentially leading to application crashes or remote code execution. Exploitation occurs in the context of the affected process and does not require user interaction. The vulnerability poses a high risk due to its pre-authentication nature and potential for full compromise. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. |
| A heap-based buffer overflow vulnerability exists in the exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending specially crafted data, a remote attacker can corrupt heap memory, potentially causing a denial of service or enabling arbitrary code execution depending on the memory layout and exploitation techniques used. This vulnerability is similar in nature to CVE-2025-34522 but affects a separate code path or component. No user interaction is required, and exploitation occurs in the context of the vulnerable process. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. |
| When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges.
This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290. |
| joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python web application, an attacker may be able to send arbitrarily large bearer tokens in the HTTP request headers. When this occurs, Python logging or diagnostic tools (e.g., Sentry) may end up processing extremely large log messages containing the full JWT header during the joserfc.jwt.decode() operation. The same behavior also appears when validating claims and signature payload sizes, as the library raises joserfc.errors.ExceededSizeError() with the full payload embedded in the exception message. Since the payload is already fully loaded into memory at this stage, the library cannot prevent or reject it. This issue has been patched in versions 1.3.5 and 1.4.2. |
| Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication. |
| myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application. |
| WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application. |
| Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory string in response to the PWD command, the client fails to properly validate the length of the input before copying it into a fixed-size buffer. This results in memory corruption and allows remote attackers to execute arbitrary code on the client system. |
| EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.” |
| EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp. |
