19614 matches found
Monstra CMS 3.0.4 Remote Command Execution
Monstra CMS version 3.0.4 proof of concept remote command execution exploit. Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Date: 05.03.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested...
The vulnerability of the telnetd daemon in the microprogramming router Tenda AC15 allows a hacker to execute arbitrary commands.
The vulnerability of the telnetd microprogramming system for Tenda AC15 routers is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending specially crafted requests...
Security update for pcp
This update for pcp fixes the following issues: CVE-2024-45770: Fixed pmpost symlink attack allowing escalating pcp to root user bsc1230552. CVE-2024-45769: Fixed pmcd heap corruption through metric pmstore operations bsc1230551. CVE-2024-3019: Fixed exposure of the redis backend server allowing...
The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the setaddrouting function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the sch_reboot() function in the adm.cgi script of the Wavlink AC3000 (WL-WN533A8) router’s microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the schreboot function in the adm.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to the lack of measures taken to manage data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
The vulnerability of the msp_info_htm() function in D-Link DI-8200 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the mspinfohtm function in D-Link DI-8200 router microprogramming software is related to the execution of operations outside the buffer during the processing of the flag and cmd parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the set_qos() function in the internet.cgi script of the Wavlink AC3000 router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the setqos function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the escape of operations from the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending...
The vulnerability of the sch_reboot() function in the adm.cgi script of the Wavlink AC3000 (WL-WN533A8) router’s microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the schreboot function in the adm.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to the failure to take measures for data cleaning at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...
The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the setaddrouting function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the set_qos() function in the internet.cgi script of the Wavlink AC3000 router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the setqos function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the escape of operations from the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending...
The vulnerability of the sch_reboot() function in the adm.cgi script of the Wavlink AC3000 (WL-WN533A8) router’s microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the schreboot function in the adm.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to the lack of measures taken to manage data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
Linux Distros Unpatched Vulnerability : CVE-2024-3019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the...
Linux Distros Unpatched Vulnerability : CVE-2024-47177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS system...
The vulnerability of the add_dir() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the adddir function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sendi...
CVE-2025-1947
A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. It is possible to initiate the attack remotely. The...
emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
Linux Distros Unpatched Vulnerability : CVE-2012-2142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a...
Linux Distros Unpatched Vulnerability : CVE-2013-1862
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which...
Linux Distros Unpatched Vulnerability : CVE-2018-7187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The go get implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for :// anywhere...
Linux Distros Unpatched Vulnerability : CVE-2017-8291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a /OutputFile %pipe% substring in a...