CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

Exploit for CVE-2026-2249

Overview The METIS DFS devices, specifically in versions lowe...

CVE-2026-2249

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

CVE-2026-2249 Unauthenticated Remote Command Execution via Web Console in METIS DFS

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

CVE-2026-2249

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

CVE-2026-2249

METIS DFS devices expose an unauthenticated web-based shell at /console, allowing remote command execution with daemon privileges on affected versions (

METIS DFS 安全漏洞

METIS DFS is a data processing software developed by the Greek company METIS. Versions of METIS DFS 2.1.234-r18 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /console endpoint, which exposed a web-based shell without authentication requirements. This could...

PT-2026-7598

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

DEBIAN-CVE-2014-8583

modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...

Cobalt RaQ2 cgiwrap

'cgiwrap SPDX-FileCopyrightText: 1999 Mathieu Perrin Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10041";...

HappyMall Multiple Script Arbitrary Command Execution

There is a flaw HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon typically root or nobody, by making a request like : /shop/normalhtml.cgi?file=|id| In addition, memberhtml.cgi has been reported vulnerable. However, Nessus has not checked...

Mike Bobbitt's album.pl Alternative Configuration File Remote Command Execution

The remote host is running a version of the CGI 'album.pl' which is older than version 6.2 According to its version number, this CGI may allow an attacker to execute arbitrary commands on this host with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

PoPToP PPTP <= 1.1.4-b3 Remote Root Exploit

No description provided by source. / exploit for a recently discovered vulnerability in PoPToP PPTP server under Linux. Versions affected are all prior to 1.1.4-b3 and 1.1.3-20030409. The exploit is capable of bruteforcing the RET address to find our buffer in the stack. Upon a successfull run it...

Local root vuln in SuSE 8.0 plptools package

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Vulnerability Advisory Distribution: SuSE 8.0 possibly other versions, eg. 7.x/8.1 Package name: plptools-0.6mjg-161.i386.rpm Impact: Local root Advisory ID: CLIVITT-2003-2 Author: Carl Livitt carl at learningshophull.co.uk Date: January 29th...

Выполнение команд в ftp4all (code execution)

команда exec позволяет выполнить любую команду с привилегиями ftp-демона...

Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities

The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10712...

SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Command Execution

source: https://www.securityfocus.com/bid/374/info A vulnerability exists in the webdist.cgi program, as shipped by Silicon Grpahics Inc with the Irix operating system. This vulnerability will allow any remote user to execute arbitrary commands on an affected machine. Commands will be executed wi...