CVE-2024-27975

An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...

OS Command Injection

proctree is vulnerable to OS command injection. The vulnerability exists in the getProcessTree function in index.js due to a lack of sanitization in shell metacharacters which allows attackers to execute arbitrary commands via the fix function...

CVE-2022-24168

Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters...

CVE-2021-23154

In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system...

CVE-2020-7636

adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function...

CVE-2020-7605

gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...

Jenkins < 1.650 - Java Deserialization Exploit

Exploit for java platform in category remote exploits import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage...

CVE-2016-4445

The fixlookupid function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function...

NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)

NetWin SurgeFTP - Authenticated Admin Command Injection Metasploit require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer...

NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)

require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer McIntyre', , 'License' = MSFLICENSE, 'References' = , 'Arch' =...

CVE-2008-2964

SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2007-2641

SQL injection vulnerability in W1L3D4bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920...

CVE-2005-1351

The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument...