Gogs Security Vulnerability
Gogs (Go Git Service) is a self-service Git hosting service written in Go by the Gogs team. It supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs versions prior to 0.13.1, which...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 CVE-2023-50564 is an RCE vulnerability in Pluc...
CVE-2024-56052
CVE-2024-56052 : Unrestricted Upload of File with Dangerous Type in the WordPress LMS plugin WPLMS allows uploading a web shell to the web server. Affected: WPLMS versions prior to 1.9.9.5.2. Impact is described as severe, with CVSS ratings in sources indicating HIGH/CRITICAL levels (e.g., base s...
MOBATIME Network Master Clock Security Vulnerability
MOBATIME Network Master Clock is a clock program from MOBATIME, Inc. It is used to build and run large-scale clock systems. A security vulnerability exists in MOBATIME Network Master Clock DTS 4801. An attacker exploiting this vulnerability could gain initial access via SSH using default...
QEMU Root Shell Access Vulnerability
AMD ID: AMD-SB-3012 Potential Impact: Guest OS Root Shell Access from Malicious Host Severity: N/A Summary Researchers from the University of Tokyo shared with AMD a paper titled “A Root Shell Access Vulnerability in QEMU for AMD SEV-SNP Confidential Virtual Machines.” The research paper reports...
PT-2025-25573 · Google · Chrome Os
Name of the Vulnerable Software and Affected Versions: Google ChromeOS versions 16063.45.2 and potentially others Description: The issue allows a local attacker to gain root code execution via exploiting a debug shell accessible through specific key combinations during developer mode entry and...
Cisco NX-OS Improper Encoding or Escaping of Output (CVE-2017-12340)
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...
GHSA-49CC-XRJF-9QF7 SFTPGo allows administrators to restrict command execution from the EventManager
Impact One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a...
grub2 Security Vulnerability
grub2 is a Linux system boot program from the American GNU community. A security vulnerability exists in grub2 that originates from allowing an attacker with access to the grub shell to access files on an encrypted disk...
RHEL 6 / 7 : rh-mariadb100-mariadb (RHSA-2016:2927)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:2927 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...
CVE-2024-48700
Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the editpage.php component...
CVE-2024-48459
A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. Jixiang Tenda v.DI7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a malicious payload to execute commands and...
Kliqqi CMS Security Vulnerability
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. A security vulnerability exists in Kliqqi CMS. By exploiting this vulnerability, an attacker can plant a backdoor or getShell via the editpage.php component...
PT-2024-33119 · Ax2 Pro · Ax2 Pro
Name of the Vulnerable Software and Affected Versions: AX2 Pro home router version DI 7003G-19.12.24A1V16.03.29.50 Description: A command execution issue exists, allowing an attacker to construct a malicious payload and execute commands. This can lead to obtaining shell access to the router's fil...
CVE-2024-48459
CVE-2024-48459 describes a command execution (OS command injection) vulnerability in the AX2 Pro home router from Shenzhen Tenda Technology (Jixiang Tenda), affecting DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can craft a malicious payload to execute commands and obtai...
PT-2024-33184 · Unknown · Kliqqi-Cms
Name of the Vulnerable Software and Affected Versions: Kliqqi-CMS affected versions not specified Description: The issue allows attackers to execute arbitrary code in the background, potentially leading to the implantation of backdoors or gaining shell access. This is achieved through exploitatio...
The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.
The vulnerability in the Kubernetes Image Builder software relates to the use of hard-coded credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine via SSH connection and elevate their privileges to root level...
PT-2024-33380
Name of the Vulnerable Software and Affected Versions: Shafiq Digital Lottery versions 3.0.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to...