The vulnerability of the integrated controller, Satellite Management Controller (SMC), in the microprogrammed software of AMD MI300X processors allows a hacker to execute arbitrary commands.

The vulnerability of the integrated controller, Satellite Management Controller SMC, in the microprogrammed software of AMD MI300X processors is related to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...

The vulnerability of the Microprogrammed Software for IP Cameras from Smartwares, models CIP-37210AT and C724IP, arises from the lack of measures to sanitize input data at the control level. This allows intruders to execute arbitrary commands.

The vulnerability of the Microprogrammed Software for Smartwares CIP-37210AT and C724IP cameras is related to the lack of measures for cleaning incoming data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

How to Create a Scan to Identify Remote Command Execution

This whitepaper covers how to create a scan in Perl to identify remote command execution in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid RCE problems at the code...

CVE-2024-53700

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later...

Exploit for Improper Handling of Case Sensitivity in Apache Camel

PoC exploit for CVE-2025-27636, an Apache Camel vulnerability. T...

Advisory ROSA-SA-2025-2771

Software: python-setuptools 39.2.0 OS: ROSA Virtualization 3.0 packageevrstring: python-setuptools-39.2.0-8.0.1.rv30 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is...

CVE-2025-2096

A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiat...

CVE-2025-2094

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launche...

Exploit for CVE-2025-26055

CVE-2025-26055 CVE Description Author : Rohan Deshpande...

CVE-2024-50390

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later...

CVE-2024-53692

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...

CVE-2024-53700

The CVE-2024-53700 entry describes a command injection affecting QHora/QNAP QuRouter, with remote attackers who have gained administrator access able to execute arbitrary commands. Affected software is QuRouter prior to 2.4.6.028; a fix is available in 2.4.6.028 and later. The vulnerability’s roo...

CVE-2024-53692 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...

CVE-2024-50390 QHora

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later...

Webmin 2.202 Remote Command Execution

Webmin version 2.202 remote command execution exploit that provides a reverse shell. ============================================================================================================================================= | Title : Webmin 2.202 Reverse Shell attack | | Author : indoushka | |...

QNAP Systems QuRouter 安全漏洞

QNAP Systems QuRouter is a router management system from China Weilian Technology QNAP Systems. A security vulnerability exists in QNAP Systems QuRouter that stems from command injection and could lead to a remote attacker executing arbitrary commands...

D Tale 3.10.0 Remote Command Execution

D Tale version 3.10.0 proof of concept remote command execution exploit. ============================================================================================================================================= | Title : D Tale v3.10.0 PHP code execution vulnerability | | Author : indoushka |...

Monstra CMS 3.0.4 Remote Command Execution

Monstra CMS version 3.0.4 proof of concept remote command execution exploit. Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Date: 05.03.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested...

The vulnerability of the telnetd daemon in the microprogramming router Tenda AC15 allows a hacker to execute arbitrary commands.

The vulnerability of the telnetd microprogramming system for Tenda AC15 routers is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending specially crafted requests...

Precurio Intranet Portal 4.4 Remote Command Execution

Precurio Intranet Portal version 4.4 suffers from a remote command execution vulnerability. Exploit Title: Precurio Intranet Portal 4.4 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 05.03.2024 Vendor Homepage: https://www.precurio.com Software Link:...