CVE-2024-28335
CVE-2024-28335 affects Lektor prior to 3.3.11. The issue is an unsanitized DB path traversal that can permit shell commands via a file added to the templates directory when a user’s browser visits an untrusted site that sends requests to localhost:5000, with the browser and the Lektor server runn...
PT-2024-22395 · Lektor · Lektor
Name of the Vulnerable Software and Affected Versions: Lektor versions prior to 3.3.11 Description: The issue concerns the lack of sanitization of database path traversal in Lektor. This allows shell commands to be executed via a file added to the templates directory under specific conditions. Th...
USN-6714-1: Debian Goodies vulnerability
It was discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands...
LoadMaster Security Vulnerability
Kemp LoadMaster is a highly secure application from Kemp. A security vulnerability exists in LoadMaster that originates from an operating system command injection that allows an attacker to inject commands into a UI component using shell commands...
Pyradm - Python Remote Administration Tool Via Telegram
Remote administration cross-platform tool via Telegram. Coded with ❤️ python3 + aiogram3. https://t.me/ptsoft v0.3. Features: Screenshot from target, Cross-platform, Upload/Download, Fully compatible shell, Process list, Webcam video record or screenshot, Geolocation, Filemanager, Microphone...
GHSA-8832-4MM5-X2R6 discordrb OS Command Injection vulnerability
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2024-22188
TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...
CVE-2024-22188
Summary of CVE-2024-22188 : TYPO3 before 13.0.1 allows an authenticated admin (system maintainer) to inject and execute arbitrary shell commands on the web server via a command injection vulnerability in the Install Tool’s form fields. This impacts TYPO3 core prior to 13.0.1 and is fixed in the f...
CentOS 9 : texlive-20200406-26.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the texlive-20200406-26.el9 build changelog. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs...
Kafka UI 0.7.1 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.', 'Description' = %q A command injection vulnerability exists in...
Design/Logic Flaw
closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...
GLSA-202402-13 : TACACS+: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202402-13 TACACS+: Remote Code Execution - A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC...
TACACS+: Remote Code Execution
Background: An updated version of Cisco's TACACS+ server. Description: A vulnerability has been discovered in TACACS+. Please review the CVE identifier referenced below for details. Impact: A lack of input validation exists in tacplus which, when pre or post auth commands are enabled, allows an...
CVE-2024-24301
Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges...
PT-2024-19263 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 8.7.0 through 8.7.56 ELTS TYPO3 versions 9.5.0 through 9.5.45 ELTS TYPO3 versions 10.4.0 through 10.4.42 ELTS TYPO3 versions 11.5.0 through 11.5.34 LTS TYPO3 versions 12.4.0 through 12.4.10 LTS TYPO3 versions prior to 13.0.1...
CentOS 8 : texlive (CESA-2023:3661)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:3661 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because...
CVE-2023-4797
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...