Lucene search
K

185 matches found

BDU FSTEC
BDU FSTEC
added 2025/04/19 12:0 a.m.11 views

The vulnerability of the exec() function in the icepay.php script of the MagnusBilling VoIP system allows a hacker to execute arbitrary commands.

The vulnerability of the exec function in the icepay.php script of the MagnusBilling VoIP system is related to the failure to take measures to neutralize special elements used in the operating system’s commands when processing the democ parameter. Exploiting this vulnerability allows a remote...

10CVSS8.2AI score0.9425EPSS
Exploits15References4Affected Software1
CVE
CVE
added 2025/04/16 2:11 p.m.98 views

CVE-2025-22029

CVE-2025-22029 is rejected by its CNA and is not an active vulnerability entry.

6.5AI score
Exploits0
OSV
OSV
added 2024/06/27 9:32 p.m.10 views

GHSA-RRQQ-FV6M-692M vanna vulnerable to remote code execution caused by prompt injection

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...

9.8CVSS10AI score0.00875EPSS
Exploits0References3
NVD
NVD
added 2024/06/27 7:15 p.m.28 views

CVE-2024-5826

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...

9.8CVSS0.00875EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/27 6:40 p.m.43 views

CVE-2024-5826 Remote Code Execution via Prompt Injection in vanna-ai/vanna

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...

9.8CVSS0.00875EPSS
Exploits0References1
CVE
CVE
added 2024/06/27 6:40 p.m.60 views

CVE-2024-5826

CVE-2024-5826 – vanna-ai/vanna has a remote code execution vulnerability in the vanna.ask function due to prompt injection. The root cause is the absence of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in src/vanna/base/bas...

9.8CVSS10AI score0.00875EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.4 views

vanna Code Injection Vulnerability

Vanna is a personalized AI SQL agent from Vanna. vanna suffers from a code injection vulnerability that stems from a lack of sandboxing for executing LLM-generated code, which allows an attacker to manipulate the exec function in src/vanna/base/base.py, which can be exploited by an attacker to...

9.8CVSS8.9AI score0.00875EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/25 12:0 a.m.4 views

PT-2024-15889 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue affects the function exec of the file payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated...

9.8CVSS7.5AI score0.00634EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2023/11/04 12:0 a.m.11 views

The vulnerability of the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) of the ILIAS learning management and support system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the exec function in the execQuoted method of the ilUtil class /Services/Utilities/classes/class.ilUtil.php of the ILIAS training and support management system is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote...

9CVSS7.7AI score0.00765EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/10/26 3:15 p.m.4 views

CVE-2023-45869

ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

9CVSS6.1AI score0.00765EPSS
Exploits1References3
NVD
NVD
added 2023/10/26 3:15 p.m.12 views

CVE-2023-45869

ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

9CVSS9AI score0.00765EPSS
Exploits1References2
Prion
Prion
added 2023/09/10 12:15 a.m.18 views

Sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS9.7AI score0.00649EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2023/08/17 4:10 a.m.32 views

Arbitrary Code Execution

llama-index is vulnerable to Arbitrary Code Execution. The vulnerability exists because of the improper handling of user input in the PandasQueryEngine function of the library, which allows an attacker to inject and execute malicious code due to the usage of the exec function...

9.8CVSS7.3AI score0.01233EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/07 12:0 a.m.9 views

PT-2024-12816 · Mariadb Foundation +1 · Mariadb +1

Name of the Vulnerable Software and Affected Versions: MariaDB version 10.5 Description: Insecure permissions in the sys exec function of MariaDB allow authenticated attackers to execute arbitrary commands with elevated privileges. This issue is disputed by the MariaDB Foundation because no...

5.7CVSS6.2AI score0.0073EPSS
Exploits1References27
Packet Storm
Packet Storm
added 2023/07/07 12:0 a.m.329 views

DaillyTools Remote Command Execution

==================================================================================================================================== | Title : DaillyTools v1 command execution Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.3 views

PT-2023-20539 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue was found in the system, affecting the exec function of the disapprove delete.php file. The manipulation of the id argument leads to SQL...

9.8CVSS8.3AI score0.00737EPSS
Exploits1References4
Prion
Prion
added 2023/03/23 8:15 a.m.15 views

Sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. Th...

6.5CVSS9.7AI score0.00822EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.4 views

PT-2023-17098 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting the exec function of the file admin/operations/approve delete.php. The manipulation of the id argument...

9.8CVSS7.2AI score0.00822EPSS
Exploits1References6
OSV
OSV
added 2023/02/17 6:15 p.m.3 views

CVE-2021-33949

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...

9.8CVSS6.1AI score0.01045EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/02/17 12:0 a.m.5 views

FeMiner wms 安全漏洞

FeMiner wms is a repository management system for individual developers of Chinese front-end miners FeMiner. A security vulnerability exists in FeMiner wms v1.1 that allows an attacker to execute arbitrary code via the filename parameter and exec function...

9.8CVSS8.9AI score0.01045EPSS
Exploits1References2
Rows per page
Query Builder