CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...

CVE-2019-25243

FaceSentry 6.4.8 has an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php. The root cause is unsanitized inputs in strInIP/strInPort, enabling arbitrary shell commands with root privileges. Affected product: FaceSentry 6.4.8. Impact is described as high. Rem...

riello-multiple-vulnerabilities-2025

Riello UPS with NetMan 208 - Vulnerability Disclosure During...

PT-2025-53329

Name of the Vulnerable Software and Affected Versions FaceSentry version 6.4.8 Description FaceSentry 6.4.8 has a remote command injection issue in the pingTest.php and tcpPortTest.php scripts. An attacker with authentication can inject and execute arbitrary shell commands with root privileges...

CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

Exploit for Code Injection in Laravel Livewire

Livepyre A tool designed to exploit CVE-2025-54068 an...

ROS-20251223-7314

A vulnerability in the Snapshot/Restore commands of the AdminServer component of the centralized service for maintaining configuration information, naming, providing distributed synchronization, and provisioning Apache ZooKeeper group services is related to incorrect handling of insufficient...

PT-2025-52857

Name of the Vulnerable Software and Affected Versions Tenda WH450 version 1.0.0.18 Description A flaw exists in the Tenda WH450 device. This issue affects an unspecified function within the HTTP Request Handler component, specifically related to the file '/goform/CheckTools'. Manipulation of the...

CVE-2023-53963 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Remote Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

CVE-2023-53963 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Remote Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

CVE-2023-53963

CVE-2023-53963 affects SOUND4 IMPACT/FIRST/PULSE/Eco v2.x and describes an unauthenticated OS command injection via the password parameter in login.php and index.php, enabling remote command execution with web server privileges. Public references document a PoC and multiple exploits (e.g., Exploi...

Sound4 IMPACT 操作系统命令注入漏洞

Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. An OS command injection vulnerability exists in Sound4 IMPACT v2.x. The vulnerability stems from an OS command injection in the password parameter, which could lead to remote command execution...

CVE-2025-14884

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

Yet another DCOM object for lateral movement

Introduction If you're a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well-defended environments. One common technique for remote command execution has been the use of DCOM objects. Over the years, many different DCOM objects have been...

📄 LibreNMS 24.9.1 Code Injection

LibreNMS version 24.9.1 suffers from a remote command execution vulnerability. ============================================================================================================================================= | Title : LibreNMS 24.9.1 PHP Code Injection Vulnerability | | Author :...

HPE OneView id-pools command execution

Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...

CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...

CVE-2025-14884

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...