Vulnerabilities > Zeroshell > Zeroshell
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-11 | CVE-2021-41738 | OS Command Injection vulnerability in Zeroshell 3.9.5 ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. | 8.8 |
2020-11-30 | CVE-2020-29390 | OS Command Injection vulnerability in Zeroshell 3.9.3 Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. | 10.0 |
2019-07-19 | CVE-2019-12725 | OS Command Injection vulnerability in Zeroshell 3.9.0 Zeroshell 3.9.0 is prone to a remote command execution vulnerability. | 10.0 |
2009-02-12 | CVE-2009-0545 | Improper Input Validation vulnerability in Zeroshell 1.0 cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. | 10.0 |