An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.
A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs bec
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upl
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers ca
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
A remote unauthenticated attacker may be able to bypass authentication
by utilizing a specific API route to execute arbitrary OS commands.
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper val
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component.
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulner
Page 1+ Next →