
1820 matches found

Tenable Nessus
added 2024/02/29 12:0 a.m., 49 views

CentOS 9 : texlive-20200406-26.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the texlive-20200406-26.el9 build changelog. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs...

CVSS 8.8, AI score 7.9, EPSS 0.00804
Exploits: 0, References: 2

0day.today
added 2024/02/20 12:0 a.m., 312 views

Kafka UI 0.7.1 Command Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.', 'Description' = %q A command injection vulnerability exists in...

CVSS 8.8, AI score 7.4, EPSS 0.85025
Exploits: 5

Packet Storm
added 2024/02/20 12:0 a.m., 479 views

Kafka UI 0.7.1 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.', 'Description' = %q A command injection vulnerability exists in...

CVSS 8.8, AI score 7.4, EPSS 0.85025
Exploits: 5

Prion
added 2024/02/19 1:15 a.m., 27 views

Design/Logic Flaw

closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...

AI score 7.4, EPSS 0.01059
Exploits: 0, References: 3

Gentoo Linux
added 2024/02/18 12:0 a.m., 24 views

TACACS+: Remote Code Execution

Background: An updated version of Cisco's TACACS+ server. Description: A vulnerability has been discovered in TACACS+. Please review the CVE identifier referenced below for details. Impact: A lack of input validation exists in tacplus which, when pre or post auth commands are enabled, allows an...

CVSS 9.8, AI score 8.1, EPSS 0.01813
Exploits: 1

Tenable Nessus
added 2024/02/18 12:0 a.m., 25 views

GLSA-202402-13 : TACACS+: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202402-13 TACACS+: Remote Code Execution - A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC...

CVSS 9.8, AI score 9.1, EPSS 0.01813
Exploits: 1, References: 3

Cvelist
added 2024/02/14 12:0 a.m., 14 views

CVE-2024-24301

Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges...

AI score 7.5, EPSS 0.02098
Exploits: 1, References: 1

Positive Technologies
added 2024/02/13 12:0 a.m., 3 views

PT-2024-19263 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 8.7.0 through 8.7.56 ELTS; TYPO3 versions 9.5.0 through 9.5.45 ELTS; TYPO3 versions 10.4.0 through 10.4.42 ELTS; TYPO3 versions 11.5.0 through 11.5.34 LTS; TYPO3 versions 12.4.0 through 12.4.10 LTS; TYPO3 versions prior to 13.0.1...

CVSS 8.6, AI score 8.3, EPSS 0.02017
Exploits: 0, References: 14

Tenable Nessus
added 2024/02/08 12:0 a.m., 23 views

CentOS 8 : texlive (CESA-2023:3661)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:3661 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because...

CVSS 8.8, AI score 7.9, EPSS 0.00804
Exploits: 0, References: 2

OSV
added 2024/01/16 4:15 p.m., 2 views

CVE-2023-4797

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...

CVSS 7.2, AI score 6, EPSS 0.00963
Exploits: 2, References: 1

NVD
added 2024/01/16 4:15 p.m., 18 views

CVE-2023-4797

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...

CVSS 7.2, AI score 7.3, EPSS 0.00963
Exploits: 2, References: 1

Vulnrichment
added 2024/01/16 3:56 p.m., 11 views

CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...

AI score 7.9, EPSS 0.00963
Exploits: 2, References: 1

CNNVD
added 2024/01/16 12:0 a.m., 2 views

WordPress plugin Newsletters security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability in the WordPress plugin...

CVSS 7.2, AI score 7.5, EPSS 0.00963
Exploits: 2, References: 2

Positive Technologies
added 2024/01/16 12:0 a.m., 3 views

PT-2024-13531 · WordPress · Newsletters

Name of the Vulnerable Software and Affected Versions: The Newsletters WordPress plugin versions prior to 4.9.3. Description: The issue arises from the plugin's failure to properly escape user-controlled parameters when they are appended to SQL queries and shell commands. This could enable an...

CVSS 7.2, AI score 7.2, EPSS 0.00963
Exploits: 2, References: 4

Cvelist
added 2023/12/12 12:0 a.m., 16 views

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

AI score 9.8, EPSS 0.24725
Exploits: 4, References: 2

Cvelist
added 2023/12/12 12:0 a.m., 18 views

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

AI score 9.5, EPSS 0.23466
Exploits: 4, References: 1

GithubExploit
added 2023/12/09 7:19 p.m., 331 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 Exploit for CVE-2023-46604 This tool helps...

CVSS 10, AI score 10, EPSS 0.99654
Exploits: 31

GithubExploit
added 2023/12/08 1:45 a.m., 261 views

Exploit for OS Command Injection in Gl-Inet Gl-Ar300M_Firmware

GL.iNet Multiple Vulnerabilities This repository contains the...

CVSS 9.8, AI score 8.7, EPSS 0.46966
Exploits: 10

Prion
added 2023/11/21 12:15 a.m., 12 views

Authentication flaw

When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled UDR-A any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...

CVSS 7.5, AI score 7.7, EPSS 0.01149
Exploits: 0, References: 2, Affected Software: 6

Github Security Blog
added 2023/11/20 9:1 p.m., 31 views

Run Shell Command allows Cross-Site Request Forgery

Impact A cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack are comments. When the...

CVSS 9.6, AI score 7.7, EPSS 0.22938
Exploits: 2, References: 5, Affected Software: 1