EUVD-2025-197812

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

CVE-2025-63916

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

CVE-2025-63916

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

Emergency Ambulance Hiring Portal 1.0 PHP Code Injection

============================================================================================================================================= | Title : Emergency Ambulance Hiring Portal 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...

Malicious code in react-fixtures (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 313318cff861c45bde316c24fa07d680f6c59e74a77ae6e65c31fe66f54e2f9d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2018-9156

AXIS P1354 IP camera (Firmware 5.90.1.1) is affected by CVE-2018-9156 due to an upload page that does not verify file types, enabling a webshell upload via fileUpload.shtml for a custom .shtml file. The shell can be interpreted by Apache mod_include (

ESXi Detection via VMWare Tools CMD execution

Binary data vmwareesxidetection.nbin...

dirLIST 0.3.0 - Arbitrary File Upload

dirLIST 0.3.0 - Arbitrary File Upload + + Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DIRLIST-FILE-UPLOAD-BYPASS-CMD-EXEC.txt + ISR: Apparition + Vendor: =============== sourceforge.net Product: =============== dirList...

dirLIST 0.3.0 - Arbitrary File Upload

Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DIRLIST-FILE-UPLOAD-BYPASS-CMD-EXEC.txt + ISR: Apparition + Vendor: =============== sourceforge.net Product: =============== dirList v0.3.0 Download: ===========...

Enigma Fileless UAC Bypass

a This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ Exploit Title : enigmafilelessuacbypass.rb Module...

Symantec Endpoint Protection Manager Remote Command Execution

This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker can reach SQL injection affected components. As xpcmdshell is enabled in the included database instance, it'...

win32/xp sp3 Ru WinExec+ExitProcess cmd shellcode 12 bytes

win32/xp sp3 Ru WinExec+ExitProcess cmd shellcode 12 bytes. Shellcode exploit for windows platform 68 9D 61 F9 77 push 0x77C01345 B8 C7 93 C1 77 mov eax,msvcrt.system FF D0 call eax In msvcrt.dll at 0x77C01344 We have string ".cmd", that's the trick. Code will work in WinXP SP3 Pro Rus, in other...

Oracle 10g - Multiple Privilege Escalation Vulnerabilities

Oracle 10g - Multiple Privilege Escalation Vulnerabilities source: https://www.securityfocus.com/bid/38115/info Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. The attacker can exploit these issues to escala...

Using cmd hide from anti-virus and firewall method-vulnerability warning-the black bar safety net

我们 可以 把 SkSockServer.exe 更改 为 sk.jpg In this case, antivirus software will not check out. In direct double-click to perform the change through the extension of the program time, the system will ask in what way open, that is to say windows didn't recognize it. But we in the cmd command line it can...

Friendly Technologies (fwRemoteCfg.dll) ActiveX Command Exec Exploit

Exploit for unknown platform in category remote exploits ==================================================================== Friendly Technologies fwRemoteCfg.dll ActiveX Command Exec Exploit ==================================================================== lamers.RunApp "cmd" ,"cmd /k echo S...

Haudenschilt Family Connections 0.8 - index.php Authentication Bypass

Haudenschilt Family Connections 0.8 - index.php Authentication Bypass source: https://www.securityfocus.com/bid/25276/info Haudenschilt Family Connections is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access. This may facilitate a...

With ASP Trojan FTP and decompression-vulnerability warning-the black bar safety net

In broilers placed on the website,the most troublesome is probably the update and upload a lot of files, Terminal Services broad daylight easy to be found,open your own ftp and not assured. Your own online in a circle is found by combining the non-component upload asp Trojan can be easily achieve...

CVE-2001-0440

The connected document (MDKSA-2001:032-1) confirms a vulnerability in Licq pre-1.0.3 where received URLs are parsed without sufficient checks and passed to the system() call. This allows remote attackers to cause arbitrary commands to be executed on the client, via crafted URLs, and can lead to d...