449 matches found
CVE-2025-47811
In Wing FTP Server through 7.4.4, the administrative web interface listening by default on port 5466 runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands, i.e., through the web console or the task scheduler, and they are...
CVE-2024-5550
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...
CVE-2022-48222
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...
CVE-2020-11830
QualityProtect has a vulnerability that allows execution of arbitrary system commands; the affected product is com.oppo.qualityprotect V2.0...
CVE-2019-15600
A Path traversal exists in httpserver which allows an attacker to read arbitrary system files...
GFI MailEssentials Security Vulnerability
GFI MailEssentials is an email security suite from GFI that includes 14 anti-spam filters, 3 anti-virus engines, and malware scanning. A security vulnerability exists in GFI MailEssentials versions prior to 21.8, which stems from improper handling of XML external entities and could result in...
CVE-2025-31340
Wisdom Master Pro, versions 5.0–5.2, is affected by CVE-2025-31340 due to improper control of included/required filenames in the retrieve course Information PHP function. This allows remote execution of arbitrary system commands via a malicious file. Root cause: insecure include/require filename ...
Microsoft Office Resource Management Error Vulnerability
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
D-Tale Remote Code Execution
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
CVE-2024-11984 SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file...
CVE-2024-10771
Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level "Service", an attacker can execute arbitrary system commands in the root user's context...
CVE-2024-11983
CVE-2024-11983 affects several Billion Electric routers (e.g., M100, M150, M120N, M500). All sources describe an OS Command Injection vulnerability in a specific SSH function that allows remote administrators to inject and execute arbitrary system commands on the device. The issue is attributed t...
TRCore DVC path traversal vulnerability (CNVD-2024-46436)
TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary system files...
CVE-2024-11309
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...
CVE-2024-11310
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...
CVE-2024-11310
CVE-2024-11310 affects the DVC from TRCore, describing a Path Traversal vulnerability that allows unauthenticated remote attackers to read arbitrary system files. Concrete details across connected sources identify the vulnerable component as TRCore’s DVC and confirm the impact as arbitrary file r...
CVE-2024-11309
TRCore DVC suffers a Path Traversal vulnerability due to improper path filtering, allowing unauthenticated remote attackers to read arbitrary system files. Affected: TRCore DVC versions up to 6.3. Remediation guidance in connected PT-2024-16900 recommends patching to newer versions and reviewing ...
CVE-2024-11120
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...
CVE-2024-11120 GeoVision EOL devices - OS Command Injection
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...