407 matches found
CVE-2012-10046
The CVE-2012-10046 entry concerns the E-Mail Security Virtual Appliance (ESVA), tested on ESVA_2057, which contains an unauthenticated command-injection in the learn-msg.cgi CGI handler. The vulnerability stems from inadequate sanitization of user input in the id parameter, allowing arbitrary she...
CVE-2025-4604
CVE-2025-4604 affects Liferay Portal 7.4.3.80 through 7.4.3.132 and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92. The vulnerability allows bypassi...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shell_exec function of PHP...
CVE-2025-44163
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...
Exploit for CVE-2025-49619
CVE-2025-49619 PoC --- This script exploits CVE-2025-49619...
CVE-2021-42171
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...
CVE-2019-16398
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskjscriptrun.sh that executes a reverse shell...
Asterisk Operating System Command Injection Vulnerability
Asterisk is open source software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk suffers from an operating system command injection vulnerability that stems from a cli_permissions.conf configuration failure, which could lead to...
Exploit for Out-of-bounds Write in Gibbonedu Gibbon
CVE-2023-45878 GibbonEdu Arbitrary File Write to Web Shell...
Exploit for CVE-2025-1974
POC of IngressNightmare CVE-2025-1974 Developed from: - ht...
AZL-57746 CVE-2025-27423 affecting package vim for versions less than 9.1.1164-1
Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the i...
Vim Command Injection Vulnerability
Vim is a cross-platform, open source text editor. A command injection vulnerability exists in Vim versions prior to 9.1.1164, which stems from unsanitized input in the tar.vim plugin and could lead to the execution of shell commands...
CVE-2024-31866
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...
USN-7268-1 activemq vulnerabilities
It was discovered that Apache ActiveMQ incorrectly handled authentication. A remote attacker could possibly use this issue to run arbitrary code. CVE-2022-41678 It was discovered that Apache ActiveMQ incorrectly handled deserialization. A remote attacker could possibly use this issue to run...
CVE-2020-5282
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the npm command which is part of this software package. This allows arbitrary shell execution, which can compromise the bot. This is patched in version 1.0.0-beta...
Command Injection
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Command Injection via the shell_exec function in AboutController.php. A malicious device whose hostname includes shell...
PT-2024-8687
Name of the Vulnerable Software and Affected Versions: LibreNMS (affected versions not specified). Description: The issue is related to the LibreNMS network monitoring system and concerns the lack of measures to neutralize special elements, which can be exploited by a remote attacker to execute...
Python Execute Command
Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run module MetasploitModule CachedSize =...
SmartAgent 1.1.0 Remote Code Execution
Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution Date: 01-10-2024 Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can access a php script called...
PT-2024-29565 · Byond +1
Name of the Vulnerable Software and Affected Versions: tgstation-server versions prior to 6.8.0 Description: The issue allows low permission users with the "Set .dme Path" privilege to potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files...