CVE-2023-45869

ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

Sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been...

Arbitrary Code Execution

llama-index is vulnerable to Arbitrary Code Execution. The vulnerability exists because of the improper handling of user input in the PandasQueryEngine function of the library, which allows an attacker to inject and execute malicious code due to the usage of the exec function...

PT-2024-12816 · Mariadb Foundation +1 · Mariadb +1

Name of the Vulnerable Software and Affected Versions: MariaDB version 10.5 Description: Insecure permissions in the sys exec function of MariaDB allow authenticated attackers to execute arbitrary commands with elevated privileges. This issue is disputed by the MariaDB Foundation because no...

DaillyTools Remote Command Execution

==================================================================================================================================== | Title : DaillyTools v1 command execution Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...

PT-2023-20539 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue was found in the system, affecting the exec function of the disapprove delete.php file. The manipulation of the id argument leads to SQL...

Sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. Th...

PT-2023-17098 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting the exec function of the file admin/operations/approve delete.php. The manipulation of the id argument...

CVE-2021-33949

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...

CVE-2021-33949

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...

FeMiner wms 安全漏洞

FeMiner wms is a repository management system for individual developers of Chinese front-end miners FeMiner. A security vulnerability exists in FeMiner wms v1.1 that allows an attacker to execute arbitrary code via the filename parameter and exec function...

SUSE CVE-2008-7002

PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...

User Post Gallery <= 2.19 - Unauthenticated RCE

The plugin does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. PoC Invoke the following curl command to execute the "id" command via PHP's exec function: curl -i...

Insecure Signature Verification

github.com/sigstore/cosign is vulnerable to insecure signature verification. The vulnerability exists in the Exec function in verifyattestation.go because the library does not properly validate the signature which allows an attacker to gain access to system data and execute malicious code...

R818 代码问题漏洞

Allwinner Technology R818 is a quad-core intelligent voice with screen chip from Allwinner Technology Zhuhai, China. A security vulnerability exists in the Allwinner R818 SoC Android Q SDK V1.0, which originates from a NULL pointer dereference in the open exec function that could execute a...

Command injection in github-todos

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

GHSA-792J-9WJ3-J634 Command injection in github-todos

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

CVE-2021-44684

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

CVE-2021-44684

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

Command injection

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...