Zeroshell

zeroshell

Vendor: Zeroshell • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-41738 1Zeroshell 1Zeroshell Nov 21, 2024 Jun 11, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.
CVE-2020-29390 1Zeroshell 1Zeroshell Nov 21, 2024 Nov 30, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and...Show more Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.Show less
CVE-2019-12725 1Zeroshell 1Zeroshell Nov 21, 2024 Jul 19, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by in...Show more Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.Show less
CVE-2009-0545 1Zeroshell 1Zeroshell Apr 23, 2026 Feb 12, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.