PopojiCMS 2.0.1 Remote Command Execution
Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution Date: 14/04/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...
Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
Exploit Title: Backdrop CMS 1.27.1 - Authenticated Remote Command Execution RCE Date: 04/27/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS...
PopojiCMS 2.0.1 - Remote Command Execution (RCE)
Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution Date: 14/04/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...
Backdrop CMS 1.27.1 - Remote Command Execution Exploit
Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os import time import...
PopojiCMS 2.0.1 - Remote Command Execution Exploit
Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...
Exploit for CVE-2023-4596
CVE-2023-4596
OESA-2024-1589 engrampa security update
Mate File Archiver is an application for creating and viewing archive files, such as zip, xv, bzip2, cab, rar and other compressed formats. Security Fixes: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be...
CVE-2023-48643
Shrubbery tacplus 2.x, 3.x, and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...
CVE-2023-48643
CVE-2023-48643 affects Shrubbery tac_plus 2.x, 3.x, and 4.x up to F4.0.4.28. The issue arises when pre-auth or post-auth checks are configured as shell commands in tac_plus.cfg; strings from TACACS+ packets are used as command arguments, allowing injection that leads to unauthenticated remote com...
CVE-2024-4999
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges. This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller:...
CVE-2024-4965
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated...
A vulnerability in the “register_argc_argv” option of the Cacti network monitoring software allows an attacker to execute arbitrary commands.
The vulnerability in the register_argc_argv option of the Cacti network monitoring software is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by injecting a specially crafted URL address...
A vulnerability in the disconnectVPN function of the TOTOLINK X5000R firmware allows an attacker to execute arbitrary commands.
The vulnerability in the disconnectVPN function of the TOTOLINK X5000R firmware lies in the lack of measures to protect input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
VulnCheck KEV: CVE-2023-50358
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network...
PT-2024-33828 · Ligowave · Ligowave Pro +3
Name of the Vulnerable Software and Affected Versions: Ligowave UNITY versions through 6.95-2 Ligowave PRO versions through 6.95-1.Rt3883 Ligowave MIMO versions through 6.95-1.Rt2880 Ligowave APC Propeller versions through 2-5.95-4.Rt3352 Description: A vulnerability in the web-based management...
LoLLMs Operating System Command Injection Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs versions prior to 9.5 that stems from incorrect neutralization of special elements used in operating system commands, allowi...
PT-2024-13615 · Shrubbery · Tac Plus
Name of the Vulnerable Software and Affected Versions: Shrubbery tac plus versions 2.x through 4.x and versions up to F4.0.4.28 Description: The issue allows unauthenticated Remote Command Execution. It is caused by the product's ability to configure authorization checks as shell commands through...
A vulnerability in the runtime.pingTest() function of the Linksys E5600 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the runtime.pingTest function of the Linksys E5600 router firmware is related to the lack of measures taken to neutralize special elements used in the OS command when processing the ipurl parameter. Exploiting this vulnerability allows a remote attacker to execut...