19611 matches found

BDU FSTEC
added 2025/04/16 12:0 a.m., 5 views

The vulnerability of the E-Staff automation system for recruitment processes is related to errors in XML data filtering during document printing, allowing a perpetrator to execute arbitrary commands.

The vulnerability of the E-Staff recruitment process automation system is related to errors in XML data filtering during document printing. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands by sending a specially crafted XML document...

9.9 CVSS, 5.8 AI score
Exploits: 0
Exploit DB
added 2025/04/16 12:0 a.m., 140 views

FLIR AX8 1.46.16 - Remote Command Injection

Exploit Title: FLIR AX8 1.46.16 - Remote Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link, SC Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46.16...

9.8 CVSS, 9.4 AI score, 0.99618 EPSS
Exploits: 9
NVD
added 2025/04/15 2:15 p.m., 13 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

9.8 CVSS, 0.10282 EPSS
Exploits: 1, References: 3
OSV
added 2025/04/15 2:15 p.m., 5 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

9.8 CVSS, 5.9 AI score, 0.10282 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2025/04/15 12:0 a.m., 4 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

7.4 AI score, 0.10282 EPSS
Exploits: 1, References: 2
Cvelist
added 2025/04/15 12:0 a.m., 11 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

0.10282 EPSS
Exploits: 1, References: 2
Exploit DB
added 2025/04/15 12:0 a.m., 298 views

Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE)

Exploit Title: Adapt Authoring Tool 0.11.3 - Remote Command Execution RCE Date: 2024-11-24 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.adaptlearning.org/ Software Link: https://github.com/adaptlearning/adaptauthoring Version: 0.11.3 CVE Identifier: CVE-2024-50672 , CVE-2024-50671...

9.8 CVSS, 7 AI score, 0.01526 EPSS
Exploits: 2
Packet Storm
added 2025/04/15 12:0 a.m., 330 views

GestioIP 3.5.7 Remote Command Execution

GestioIP version 3.5.7 suffers from a remote command execution vulnerability. Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...

9.8 CVSS, 7.3 AI score, 0.45109 EPSS
Exploits: 5
CVE
added 2025/04/15 12:0 a.m., 63 views

CVE-2025-28137

The CVE-2025-28137 entry concerns TOTOLINK A810R firmware (example: V4.1.2cu.5182_B20201026) with a pre-auth remote command execution in the setNoticeCfg function via the NoticeUrl parameter. Affected component: setNoticeCfg. Root cause: failure to properly filter special characters in NoticeUrl ...

9.8 CVSS, 7.6 AI score, 0.10282 EPSS
In wild, Exploits: 1, References: 3, Affected Software: 1
Packet Storm
added 2025/04/15 12:0 a.m., 295 views

Adapt Authoring Tool 0.11.3 Remote Command Execution

Adapt Authoring Tool version 0.11.3 suffers from a remote command execution vulnerability. Exploit Title: Adapt Authoring Tool 0.11.3 - Remote Command Execution RCE Date: 2024-11-24 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.adaptlearning.org/ Software Link:...

9.8 CVSS, 7.1 AI score, 0.01526 EPSS
Exploits: 2
Positive Technologies
added 2025/04/14 12:0 a.m., 2 views

PT-2025-20240 · OOO "UserGate" · Usergate Log Analyzer +3

A vulnerability in the web interface of the UserGate Next-Generation Firewall (NGFW) firewall software, the UserGate Management Center (UGMC) unified management center, and the UserGate Log Analyzer (LogAn) log collection system is related to insufficient validation of input data. Exploitation of the vulnerability...

4 CVSS, 7.2 AI score
Exploits: 0, References: 1
Exploit DB
added 2025/04/14 12:0 a.m., 253 views

GestioIP 3.5.7 - Remote Command Execution (RCE)

Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760 Date: 2025-01-13...

9.8 CVSS, 7.1 AI score, 0.45109 EPSS
Exploits: 5
BDU FSTEC
added 2025/04/14 12:0 a.m., 9 views

The vulnerability of the EMACS text editor arises from the lack of measures taken to eliminate special elements, allowing attackers to execute arbitrary commands.

The vulnerability of the EMACS text editor exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

10 CVSS, 7.9 AI score, 0.02679 EPSS
Exploits: 0, References: 7, Affected Software: 6
Positive Technologies
added 2025/04/12 12:0 a.m., 4 views

PT-2025-17571 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 Description: The issue is a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. This allows for remote command execution without prior...

10 CVSS, 6.7 AI score, 0.00919 EPSS
Exploits: 1, References: 9
Exploit DB
added 2025/04/11 12:0 a.m., 159 views

Netman 204 - Remote command without authentication

Exploit Title: Netman 204 - Remote command with out authentication Date: 2/4/2025 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: netman-204 https://www.riello-ups.com/downloads/25-netman-204 Version: netman-204 Tested on: Windows/Linux Step 1 : Attacker can using these dorks then can fi...

7.4 AI score
Exploits: 0
Positive Technologies
added 2025/04/11 12:0 a.m., 3 views

PT-2025-16108 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an unauthenticated remote command execution. No information is provided about the estimated number of potentially affected devices worldwide or real-world...

6.9 AI score
Exploits: 0, References: 3
BDU FSTEC
added 2025/04/11 12:0 a.m., 4 views

The vulnerability of the recvSlaveUpgstatus() function in the TOTOLINK T8 router’s microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the recvSlaveUpgstatus function in the microprogramming software for TOTOLINK T8 routers is related to the lack of measures taken to clean data at the management level when processing the ip parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrar...

10 CVSS, 8.1 AI score, 0.02109 EPSS
Exploits: 1, References: 2, Affected Software: 1
BDU FSTEC
added 2025/04/11 12:0 a.m., 5 views

The vulnerability of the meshSlaveDlfw() function in the microprogramming software for TOTOLINK T8 allows a hacker to execute arbitrary commands.

The vulnerability of the meshSlaveDlfw function in the microprogramming software for TOTOLINK T8 routers is related to the lack of measures taken to clean data at the management level when processing the serverIp parameter. Exploiting this vulnerability allows a remote attacker to execute arbitra...

10 CVSS, 8.1 AI score, 0.02081 EPSS
Exploits: 1, References: 2, Affected Software: 1
BDU FSTEC
added 2025/04/11 12:0 a.m., 5 views

The vulnerability of the `setUpgradeFW()` function in TOTOLINK T8 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the setUpgradeFW function in TOTOLINK T8 router microprogramming software is related to the lack of measures taken to clean data at the management level when processing the slaveIpList parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10 CVSS, 8.1 AI score, 0.01946 EPSS
Exploits: 1, References: 2, Affected Software: 1
BDU FSTEC
added 2025/04/11 12:0 a.m., 6 views

The vulnerability of the updateWifiInfo() function in TOTOLINK T8 router software allows a hacker to execute arbitrary commands.

The vulnerability of the updateWifiInfo function in TOTOLINK T8 router microprogramming software is related to the lack of measures taken to clean data at the control level when processing the serverIp parameter. Exploiting this vulnerability could allow a remote attacker to execute arbitrary...

10 CVSS, 8.1 AI score, 0.02109 EPSS
Exploits: 1, References: 2, Affected Software: 1