8 matches found
Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300)
This module exploits a template injection vulnerability in the Sawtooth Software Lighthouse Studio's ciwweb.pl web application. The application fails to properly sanitize user input within survey templates, allowing unauthenticated attackers to inject and execute arbitrary Perl commands on the...
Sawtooth Software Lighthouse Studios Template Injection
This Metasploit module exploits a template injection vulnerability in the Sawtooth Software Lighthouse Studios ciwweb.pl web application. The application fails to properly sanitize user input within survey templates, allowing unauthenticated attackers to inject and execute arbitrary Perl commands...
CVE-2022-33941
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...
Movable Type Code Injection Vulnerability
Six Apart Movable Type MT is a blogging system from Six Apart USA. The system includes features such as multiple users, comments, quotes, and topics. A code injection vulnerability exists in Movable Type that originates from a specially crafted message that can be sent to the Movable Type XMLRPC...
Debian Security Advisory DSA 892-1 (awstats)
The remote host is missing an update to awstats announced via advisory DSA 892-1. Peter Vreugdenhil discovered that awstats, a featureful web server log analyser, passes user-supplied data to an eval function, allowing remote attackers to execute arbitrary Perl commands. The old stable distributi...
Debian: Security Advisory (DSA-892-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DSA-892-1 : awstats - missing input sanitising
Peter Vreugdenhil discovered that awstats, a featureful web server log analyser, passes user-supplied data to an eval function, allowing remote attackers to execute arbitrary Perl commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
FreeStyle Wiki Arbitrary Command Injection Vulnerability
Secunia Advisory: SA16612 Release Date: 2005-08-30 Critical: Moderately critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: FreeStyle Wiki 3.x Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it. Description: A...