94 matches found

CNNVD
added 2026/03/19 12:0 a.m., 4 views

BMC FootPrints Code Issue Vulnerability

BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from the VIEWSTATE processing in ASP.NET servlets, which allowed untrusted dat...

CVSS 8.8, AI score 6.4, EPSS 0.30325
Exploits: 1, References: 3
Vulnrichment
added 2026/03/16 11:52 a.m., 1 view

CVE-2025-15540 Authenticated RCE in Raytha CMS

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

CVSS 8.6, AI score 6, EPSS 0.00065
Exploits: 0, References: 2
Packet Storm
added 2026/02/16 12:0 a.m., 121 views

PivotX 3.0.0 RC 3 Command Injection

PivotX content management system versions up to and including 3.0.0-rc3 contain an authenticated remote code execution vulnerability that allows administrative users to modify PHP files directly through the web interface, leading to complete system compromise...

CVSS 5.4, AI score 6.5, EPSS 0.74413
Exploits: 6
GithubExploit
added 2026/02/04 10:59 p.m., 180 views

Exploit for CVE-2026-25512

CVE-2026-25512 PoC – Group-Office Authenticated RCE via TNEF H...

CVSS 9.4, AI score 5.3, EPSS 0.22609
Exploits: 2
RedhatCVE
added 2026/01/09 11:20 a.m., 9 views

CVE-2021-22014

The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter...

CVSS 9, AI score 7.5, EPSS 0.0116
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 8:38 a.m., 4 views

CVE-2026-21877

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...

CVSS 9.9, AI score 7.1, EPSS 0.05899
Exploits: 1, References: 1
EUVD
added 2025/12/31 9:30 p.m., 3 views

EUVD-2025-206087

meterN 1.2.3 contains an authenticated remote code execution vulnerability in adminmeter2.php and adminindicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...

CVSS 8.8, AI score 8.1, EPSS 0.00217
Exploits: 1, References: 6
CVE
added 2025/12/23 7:34 p.m., 11 views

CVE-2021-47736

CMSimple_XH 1.7.4 is affected by an authenticated remote code execution in the content editing functionality. The root cause is insufficient input validation/filtering during processing of user-submitted data, allowing authenticated administrators to upload PHP files (via the CSRF mechanism) and ...

CVSS 8.6, AI score 8, EPSS 0.01061
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2025/12/17 6:15 p.m., 3 views

CVE-2025-67172

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parsespecialtags function...

CVSS 7.2, EPSS 0.00813
Exploits: 1, References: 4
Cvelist
added 2025/12/10 9:15 p.m., 18 views

CVE-2024-58284 PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...

CVSS 8.6, EPSS 0.00854
Exploits: 1, References: 5
NCSC
added 2025/11/19 8:34 a.m., 7 views

Vulnerability fixed in Fortinet FortiWeb

Fortinet has fixed a vulnerability in FortiWeb. The vulnerability is in the way Fortinet FortiWeb handles HTTP requests and CLI commands. Authenticated attackers can exploit this vulnerability to execute unauthorized code via carefully crafted HTTP requests or CLI commands. Fortinet has confirmed...

CVSS 7.2, AI score 7.2, EPSS 0.45741
Exploits: 8, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-16927

Malware in sbrugna...

CVSS 7.8, AI score 7.5, EPSS 0.0475
Exploits: 7, References: 9
Zero Day Initiative
added 2025/10/07 12:0 a.m., 2 views

(0Day) Ivanti Endpoint Manager Report_Run2 SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportRun2 class. The issue results from the lack of proper validation of a...

CVSS 7.2, AI score 8, EPSS 0.00338
Exploits: 0, References: 1
Cvelist
added 2025/08/27 10:23 a.m., 4 views

CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4, EPSS 0.00198
Exploits: 0, References: 1
Vulnrichment
added 2025/08/27 10:23 a.m., 2 views

CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4, AI score 8.5, EPSS 0.00198
Exploits: 0, References: 1
RedhatCVE
added 2025/08/17 12:27 p.m., 7 views

CVE-2025-54473

An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature...

CVSS 9.2, AI score 7.7, EPSS 0.00263
Exploits: 0, References: 1
NCSC
added 2025/06/05 2:19 p.m., 4 views

Vulnerability fixed in Roundcube Webmail

Roundcube has fixed a vulnerability in Roundcube Webmail, specifically versions before 1.5.10 and 1.6.x before 1.6.11. An authenticated malicious party can exploit the vulnerability to execute arbitrary code. To do so, the malicious party must send a rogue HTTP request to the Roundcube application...

CVSS 9.9, AI score 7.9, EPSS 0.90469
Exploits: 29, References: 1
RedhatCVE
added 2025/05/23 2:25 a.m., 6 views

CVE-2023-45043

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 7.2, AI score 7.2, EPSS 0.00081
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 6:25 a.m., 8 views

CVE-2017-17677

BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code...

CVSS 8.8, AI score 7.2, EPSS 0.01014
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 5:9 a.m., 5 views

CVE-2017-11347

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...

CVSS 8.8, AI score 7.1, EPSS 0.01391
Exploits: 1, References: 1