13 matches found
Google Go security vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from the American company Google. Google Go has a security vulnerability. It arises from authenticated SSH clients repeatedly opening channels that are rejecte...
CVE-2025-59669
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...
PT-2025-47364
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.0 through 7.6.0; FortiWeb version 7.4; FortiWeb version 7.2. Description: A hard-coded credentials issue exists in FortiWeb that could allow an authenticated attacker with shell access to the device to connect to the redis...
EUVD-2017-1480
Malware in sbrugna...
EUVD-2019-16926
Malware in sbrugna...
CVE-2025-50989
OPNsense before 25.1.8 suffers an authenticated command injection in the Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The POST parameter span is concatenated into a system-level command without sanitization, allowing an administrator to inject arbitrary shell commands and payloads...
CVE-2021-1306
A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...
WordPress Thumbnail carousel slider plugin <= 1.0 - Authenticated Shell Upload and Cross-Site Request Forgery (CSRF) vulnerabilities
Authenticated Shell Upload and Cross-Site Request Forgery (CSRF) vulnerabilities found by Arash Khazaei in WordPress Thumbnail carousel slider plugin versions <= 1.0. Solution: Update the WordPress Thumbnail carousel slider plugin to the latest available version (at least 1.0.1)...
SYSTORME ISG Command Injection
Authenticated Shell Command Injection. Overview. Title: Authenticated Shell command Injection. Author: Kaustubh G. Padwad. CVE ID: CVE-2019-7383. Vendor: Systrome Networks...
Junos OS: A privilege escalation vulnerability exists where authenticated users with shell access can become root
An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions...
CVE-2017-1000203
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution...
CVE-2017-1000203
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution...
Thumbnail Carousel Slider < 1.0.1 - Authenticated Shell Upload & CSRF
The original advisory states that this vulnerability is exploitable with editor and author roles, but this is incorrect. Only the administrator role by default can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor. PoC: Create a file name...