Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh).
https://www.generex.de/products/ups/
https://www.generex.de/support/downloads/ups/cs141
https://github.com/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command-Execution
Description A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions
Description Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU
Description Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. References https://huntr.dev/bounties/ac10e81c-998e-4425-9d74-b985d9b0254c https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/d9f55a44e579d312977b02317b2020de758b763a For More Information MITRE