Vulnerabilities related to zeroshell - zeroshell
Vulnerability from fkie_nvd
Published
2019-07-19 23:15
Modified
2024-11-21 04:23
Severity ?
Summary
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zeroshell:zeroshell:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E5D41D1-AAF3-4B6B-BA20-7E7A5CC74826", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters." }, { "lang": "es", "value": "Zeroshell versi\u00f3n 3.9.0, es propenso a una vulnerabilidad de ejecuci\u00f3n de comandos remota. Espec\u00edficamente, este problema ocurre porque la aplicaci\u00f3n web maneja inapropiadamente algunos par\u00e1metros HTTP. Un atacante no autenticado puede explotar este problema inyectando comandos del Sistema Operativo dentro de los par\u00e1metros vulnerables." } ], "id": "CVE-2019-12725", "lastModified": "2024-11-21T04:23:26.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-19T23:15:10.967", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tarlogic.com/advisories/zeroshell-rce-root.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://zeroshell.org/blog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tarlogic.com/advisories/zeroshell-rce-root.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://zeroshell.org/blog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-11 14:15
Modified
2024-11-21 06:26
Severity ?
Summary
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zeroshell:zeroshell:3.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "7C38D618-1BCE-4B1C-8E75-37FEAC4A778A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands." }, { "lang": "es", "value": "ZeroShell versi\u00f3n 3.9.5, presenta una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro IP /cgi-bin/kerbynet, que puede permitir a un atacante autenticado ejecutar comandos del sistema" } ], "id": "CVE-2021-41738", "lastModified": "2024-11-21T06:26:40.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-11T14:15:11.143", "references": [ { "source": "cve@mitre.org", "url": "https://medium.com/%40rootless724" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40rootless724" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-30 18:15
Modified
2024-11-21 05:23
Severity ?
Summary
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://blog.quake.so/post/zeroshell_linux_router_rce/ | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.quake.so/post/zeroshell_linux_router_rce/ | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zeroshell:zeroshell:3.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F8C8666-6F31-4E8C-9B76-F35BA8F4641B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character." }, { "lang": "es", "value": "Zeroshell versi\u00f3n 3.9.3, contiene una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro StartSessionSubmit de l archivo /cgi-bin/kerbynet que podr\u00eda permitir a un atacante no autenticado ejecutar un comando de sistema usando metacaracteres de shell y el car\u00e1cter %0a" } ], "id": "CVE-2020-29390", "lastModified": "2024-11-21T05:23:58.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2020-11-30T18:15:11.610", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blog.quake.so/post/zeroshell_linux_router_rce/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blog.quake.so/post/zeroshell_linux_router_rce/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-02-12 23:30
Modified
2025-04-09 00:30
Severity ?
Summary
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3C7B176B-F51B-408F-B2A4-7E8E5BE5EC90", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "B3B0BACE-C7A5-4682-AF8D-831695AAB59A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "AD769FAD-12CE-4BFD-BF00-6E9CD9543DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "687172D7-8322-435B-9DD2-93C4B06D89D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "15488672-B1D0-41CC-8A4D-5EDC8BC94818", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7B9F5A68-47C4-404D-9FFC-45EF70D3A4E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "A57C0323-FBBF-4C7B-92C9-613594FC5726", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "AE92FEE0-E89D-481F-A818-529FF6BF1AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "B3889F21-107B-4256-9329-EF327BBBED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "6F56A258-4F0F-4335-94B2-893448B3F254", "vulnerable": true }, { "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "176A49E5-D367-4581-9D60-DD304FE38FBC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action." 
}, { "lang": "es", "value": "cgi-bin/kerbynet de ZeroShell 1.0beta11 y anteriores, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres de l\u00ednea de comandos en el par\u00e1metro type -tipo- de una acci\u00f3n NoAuthREQ x509List." } ], "id": "CVE-2009-0545", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-02-12T23:30:01.170", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.ikkisoft.com/stuff/LC-2009-01.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/500763/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0385" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.zeroshell.net/eng/announcements/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.zeroshell.net/eng/patch-details/#C100" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.ikkisoft.com/stuff/LC-2009-01.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500763/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0385" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.zeroshell.net/eng/announcements/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.zeroshell.net/eng/patch-details/#C100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8023" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2021-41738 (GCVE-0-2021-41738)
Vulnerability from cvelistv5
Published
2022-06-11 13:26
Modified
2024-08-04 03:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.
References
| URL | Tags |
|---|---|
| https://medium.com/%40rootless724 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:15:29.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://medium.com/%40rootless724" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-11T13:26:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://medium.com/%40rootless724" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41738", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://medium.com/@rootless724", "refsource": "MISC", "url": "https://medium.com/@rootless724" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41738", "datePublished": "2022-06-11T13:26:10", "dateReserved": "2021-09-27T00:00:00", "dateUpdated": "2024-08-04T03:15:29.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-29390 (GCVE-0-2020-29390)
Vulnerability from cvelistv5
Published
2020-11-30 17:24
Modified
2024-08-04 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.
References
| URL | Tags |
|---|---|
| https://blog.quake.so/post/zeroshell_linux_router_rce/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:55:09.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.quake.so/post/zeroshell_linux_router_rce/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-30T17:24:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.quake.so/post/zeroshell_linux_router_rce/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.quake.so/post/zeroshell_linux_router_rce/", "refsource": "MISC", "url": "https://blog.quake.so/post/zeroshell_linux_router_rce/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29390", "datePublished": "2020-11-30T17:24:17", "dateReserved": "2020-11-30T00:00:00", "dateUpdated": "2024-08-04T16:55:09.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-0545 (GCVE-0-2009-0545)
Vulnerability from cvelistv5
Published
2009-02-12 23:00
Modified
2024-08-07 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/500763/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.zeroshell.net/eng/announcements/ | x_refsource_MISC |
| https://www.exploit-db.com/exploits/8023 | exploit, x_refsource_EXPLOIT-DB |
| http://www.ikkisoft.com/stuff/LC-2009-01.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2009/0385 | vdb-entry, x_refsource_VUPEN |
| http://www.zeroshell.net/eng/patch-details/#C100 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:03.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20090209 ZeroShell \u003c= 1.0beta11 Remote Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500763/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zeroshell.net/eng/announcements/" }, { "name": "8023", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/8023" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ikkisoft.com/stuff/LC-2009-01.txt" }, { "name": "ADV-2009-0385", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0385" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zeroshell.net/eng/patch-details/#C100" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-02-09T00:00:00", "descriptions": [ { "lang": "en", "value": "cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20090209 ZeroShell \u003c= 1.0beta11 Remote Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500763/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zeroshell.net/eng/announcements/" }, { "name": "8023", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/8023" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ikkisoft.com/stuff/LC-2009-01.txt" }, { "name": "ADV-2009-0385", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0385" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zeroshell.net/eng/patch-details/#C100" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0545", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20090209 ZeroShell \u003c= 1.0beta11 Remote Code Execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500763/100/0/threaded" }, { "name": "http://www.zeroshell.net/eng/announcements/", "refsource": "MISC", "url": "http://www.zeroshell.net/eng/announcements/" }, { "name": "8023", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8023" }, { "name": "http://www.ikkisoft.com/stuff/LC-2009-01.txt", "refsource": "MISC", "url": "http://www.ikkisoft.com/stuff/LC-2009-01.txt" }, { "name": "ADV-2009-0385", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0385" }, { "name": "http://www.zeroshell.net/eng/patch-details/#C100", "refsource": "MISC", "url": "http://www.zeroshell.net/eng/patch-details/#C100" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0545", "datePublished": "2009-02-12T23:00:00", "dateReserved": "2009-02-12T00:00:00", "dateUpdated": "2024-08-07T04:40:03.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-12725 (GCVE-0-2019-12725)
Vulnerability from cvelistv5
Published
2019-07-19 22:17
Modified
2024-08-04 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
References
| URL | Tags |
|---|---|
| https://zeroshell.org/blog/ | x_refsource_MISC |
| https://www.tarlogic.com/advisories/zeroshell-rce-root.txt | x_refsource_MISC |
| http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html | x_refsource_MISC |
| http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:32:54.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://zeroshell.org/blog/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tarlogic.com/advisories/zeroshell-rce-root.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T17:06:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://zeroshell.org/blog/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tarlogic.com/advisories/zeroshell-rce-root.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12725", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://zeroshell.org/blog/", "refsource": "MISC", "url": "https://zeroshell.org/blog/" }, { "name": "https://www.tarlogic.com/advisories/zeroshell-rce-root.txt", "refsource": "MISC", "url": "https://www.tarlogic.com/advisories/zeroshell-rce-root.txt" }, { "name": "http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html" }, { "name": "http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12725", "datePublished": "2019-07-19T22:17:52", "dateReserved": "2019-06-04T00:00:00", "dateUpdated": "2024-08-04T23:32:54.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }