CVE-2023-53963

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

EUVD-2024-55337

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

CVE-2024-58294

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

CVE-2024-58294

CVE-2024-58294 affects FreePBX 16. An authenticated remote code execution vulnerability exists in the API module, exploitable by crafting malicious POST requests to the generatedocs endpoint with bash command injection to gain remote shell access. This is documented across multiple sources (NVD, ...

CVE-2024-58294 FreePBX 16 Authenticated Remote Code Execution via API Module

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

PT-2025-50748

Name of the Vulnerable Software and Affected Versions FreePBX version 16 Description FreePBX version 16 contains an authenticated remote code execution issue in the API module. An attacker with valid session credentials can execute arbitrary commands. The issue is exploitable through the...

FreePBX 操作系统命令注入漏洞

FreePBX formerly known as Asterisk Management Portal is a suite of tools for configuring Asterisk an IP telephony system via a GUI web-based graphical interface from the FreePBX project. An operating system command injection vulnerability exists in FreePBX version 16, which stems from remote code...

CVE-2021-47728

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...

CVE-2025-27019

Remote shell service RSH in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

CVE-2025-27019

Remote shell service RSH in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

CVE-2025-27019 Remote shell service (RSH) in Infinera MTC-9

Remote shell service RSH in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

CVE-2025-27019 Remote shell service (RSH) in Infinera MTC-9

Remote shell service RSH in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

EUVD-2025-201701

Remote shell service RSH in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

CVE-2025-27019

CVE-2025-27019 affects Infinera MTC-9 where the Remote Shell Service (RSH) in firmware version R22.1.1.0275 contains a misconfiguration that allows an attacker to exploit password-less user accounts to obtain full system access via a reverse shell. The advisory notes impact on MTC-9 from R22.1.1....

PT-2025-49541

Name of the Vulnerable Software and Affected Versions Infinera MTC-9 versions R22.1.1.0275 through R22.1.1.0275 Description The Remote Shell Service RSH in Infinera MTC-9 allows an attacker to gain system access. This is achieved by exploiting password-less user accounts and activating a reverse...

Infinera MTC-9 安全漏洞

Infinera MTC-9 is a modular controller from Infinera USA. A security vulnerability exists in Infinera MTC-9 version R22.1.1.0275 through versions prior to R23.0, which stems from a misconfiguration of the remote shell service that could result in system access...

Exploit for OS Command Injection in Clam_Anti-Virus Clamav

Sendmail + ClamAV-Milter Exploit CVE-2007-4560 Python RCE e...

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that...

Exploit for CVE-2025-13597

AI Feeds extractTo$extractDir; $rootInsideZip = $extractD...

Siemens RUGGEDCOM ROS Devices Protection Mechanism Failure (CVE-2025-41224)

The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to...