
19611 matches found

BDU FSTEC
added 2025/08/01 12:0 a.m. · 6 views

A vulnerability in the firmware of HPE Networking Instant On access points for small and medium-sized businesses, related to the lack of data sanitization at the management level, allows attackers to execute arbitrary commands.

The vulnerability in HPE Networking Instant On firmware for small and medium-sized businesses is related to the lack of data sanitization at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9 CVSS · 6.2 AI score · 0.01474 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2025/07/31 3:15 p.m. · 10 views

CVE-2014-125124

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell...

10 CVSS · 0.01844 EPSS
Exploits 0 · References 3

CVE
added 2025/07/31 3:1 p.m. · 14 views

CVE-2013-10037

CVE-2013-10037 affects WebTester 5.x installed via install2.php. The cpusername, cppassword, and cpdomain parameters are passed directly to shell commands without sanitization, enabling remote unauthenticated command execution with web server privileges. Public references discuss existing exploit...

9.3 CVSS · 7.6 AI score · 0.09857 EPSS
Exploits 0 · References 5

CVE
added 2025/07/31 2:55 p.m. · 16 views

CVE-2013-10039

CVE-2013-10039 describes a remote command injection in GestioIP

8.7 CVSS · 7.9 AI score · 0.03352 EPSS
Exploits 0 · References 4

VulnCheck KEV
added 2025/07/31 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2025-32813

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur...

7.2 CVSS · 5.8 AI score · 0.42346 EPSS
In wild · Exploits 0 · References 180

CNNVD
added 2025/07/31 12:0 a.m. · 1 views

Kloxo security vulnerability

Kloxo is an open source hosting platform from LxCenter. A security vulnerability exists in Kloxo versions prior to 6.1.12 that stems from an unvalidated login-name parameter, which could lead to SQL injection and remote command execution...

10 CVSS · 8 AI score · 0.00667 EPSS
Exploits 0 · References 8

CNNVD
added 2025/07/31 12:0 a.m. · 2 views

GestioIP security vulnerability

GestioIP is a web-based IPv4/IPv6 address management software from GestioIP. A security vulnerability exists in GestioIP 3.0 commit ac67be and prior versions, which stems from an unvalidated ip parameter that could lead to remote command execution...

8.7 CVSS · 6.9 AI score · 0.03352 EPSS
Exploits 0 · References 4

CNNVD
added 2025/07/31 12:0 a.m. · 2 views

Eppler Software WebTester security vulnerability

Eppler Software WebTester is an online exam and quiz platform from Eppler Software. A security vulnerability exists in Eppler Software WebTester version 5.x. The vulnerability stems from a failure to clean up user input in the install2.php script, which could lead to remote command execution...

9.3 CVSS · 7 AI score · 0.09857 EPSS
Exploits 0 · References 5

CNNVD
added 2025/07/31 12:0 a.m. · 1 views

Pandora FMS security vulnerability

Pandora FMS is a monitoring system from Pandora FMS, USA. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Pandora FMS 5.0RC1 and earlier versions, which stems from the anyterm-module endpoint not cleaning up us...

10 CVSS · 6.8 AI score · 0.01844 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/07/31 12:0 a.m. · 3 views

PT-2025-31544 · Undefined · Undefined

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell...

10 CVSS · 7.3 AI score · 0.01844 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2025/07/30 2:20 p.m. · 1 views

CVE-2025-46811

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x8664/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

9.8 CVSS · 5.8 AI score · 0.10316 EPSS
Exploits 1 · References 2

NVD
added 2025/07/29 6:15 p.m. · 4 views

CVE-2025-52284

Totolink X6000R V9.4.0cu.1360B20241207 was found to contain a command injection vulnerability in the sub4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...

6.5 CVSS · 0.0216 EPSS
Exploits 1 · References 2

OSV
added 2025/07/29 2:36 p.m. · 4 views

CLSA-2025-1753799801 Fix CVE(s): CVE-2025-32462

SECURITY UPDATE: unauthorized command execution on remote hosts - debian/patches/CVE-2025-32462.patch: restrict user from setting remote host for command unless listing privileges - CVE-2025-32462...

8.8 CVSS · 7 AI score · 0.03239 EPSS
Exploits 12 · References 1

GithubExploit
added 2025/07/29 10:51 a.m. · 511 views

Exploit for CVE-2025-47227

🔓 CVE-2025-47227 — Critical Admin Password Reset Bypass in Scr...

7.5 CVSS · 10 AI score · 0.14441 EPSS
Exploits 5

OSV
added 2025/07/28 7:57 p.m. · 4 views

GO-2025-3776 Gogs allows deletion of internal files which leads to remote command execution in gogs.io/gogs

Gogs allows deletion of internal files which leads to remote command execution in gogs.io/gogs...

10 CVSS · 6.5 AI score · 0.00952 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2025/07/28 12:0 a.m. · 5 views

A vulnerability in the apcli_do_enr_pbc_wps function of the Netgear RAX5 router firmware allows a hacker to execute arbitrary commands.

The vulnerability in the apcli_do_enr_pbc_wps function of the Netgear RAX5 router firmware is related to the lack of input data sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.5 CVSS · 5.9 AI score · 0.01198 EPSS
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2025/07/28 12:0 a.m. · 5 views

A vulnerability in the vif_disable function of the Netgear RAX5 router firmware allows a hacker to execute arbitrary commands.

The vulnerability in the vif_disable function of the Netgear RAX5 router firmware is related to the lack of input data sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.5 CVSS · 5.9 AI score · 0.01198 EPSS
Exploits 1 · References 2 · Affected Software 1

Gitee
added 2025/07/27 4:5 a.m. · 94 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CNVD-C-2019-48814 WebLogic wls9-async deserialization remote command execution vulnerability, PoC with echoed output for WebLogic. Patch update: https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html Vulnerability reproduction: http://10.10.20.166:7001/async/AsyncResponseService curl -i http://10.10.20.166:7001/async/favicon.ico CNVD-C-2019-48814...

9.8 CVSS · 7.9 AI score · 0.99993 EPSS
Exploits 74

GithubExploit
added 2025/07/26 2:51 p.m. · 559 views

Exploit for Unprotected Alternate Channel in Crushftp

💥 CVE-2025-54309 - CrushFTP Unauthenticated Remote Command Exe...

9.8 CVSS · 8.9 AI score · 0.92034 EPSS
Exploits 7

SUSE CVE
added 2025/07/24 12:2 a.m. · 4 views

SUSE CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

9.3 CVSS · 8.4 AI score · 0.0503 EPSS
Exploits 1 · References 3