44987 matches found
Allsky Camera 安全漏洞
Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which originates from path traversal and could lead to arbitrary command execution...
CVE-2023-53872
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...
CVE-2023-53885
CVE-2023-53885 affects Webutler v3.2 and enables remote code execution via arbitrary file upload. The vulnerability allows authenticated administrators to upload PHP files (e.g., a PHAR containing embedded system commands) through the media browser and subsequently execute commands by accessing t...
CVE-2023-53881 ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution via CWMP
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by...
CVE-2023-53872
Wp2Fac 1.0 has an OS command injection vulnerability in the send.php endpoint. The vulnerability allows remote attackers to execute arbitrary system commands by injecting shell commands through the numara parameter (using & to chain commands). Impact is described as high for confidentiality, inte...
CVE-2023-53872 Wp2Fac 1.0 OS Command Injection via send.php Endpoint
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...
CVE-2023-53872 Wp2Fac 1.0 OS Command Injection via send.php Endpoint
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...
📄 Docker Compose 2.40.3 Command Execution
Docker Compose version 2.40.3 proof of concept provider type PHP command execution exploit. ============================================================================================================================================= | Title : Docker Compose v 2.40.3 Provider Type PHP Command...
PT-2025-51306
Name of the Vulnerable Software and Affected Versions Zomplog version 3.9 Description An authenticated attacker can inject and execute arbitrary PHP code through file manipulation endpoints. This is achieved by uploading malicious JavaScript files, renaming them to PHP, and then executing system...
wp2fac 操作系统命令注入漏洞
wp2fac is a CAPTCHA sending module by the individual developer Metin Yeşil. An operating system command injection vulnerability exists in version 1.0 of wp2fac, which stems from the presence of an OS command injection in the send.php endpoint, which could lead to the execution of arbitrary system...
Improper Encoding Or Escaping Of Output
MotionEye is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to unsanitized user input in configuration parameters being written to configuration files, which allows an attacker to execute arbitrary commands when the service is restarted...
Command Injection
mcp-kubernetes-server is vulnerable to Command Injection. The vulnerability is due to the use of shell=True in the /mcp/kubectl endpoint, which allows an attacker to inject and execute arbitrary operating system commands...
Server-Side Template Injection (SSTI)
getgrav/grav is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to weak regex validation in the cleanDangerousTwig method, which allows an attacker to execute arbitrary commands on the server...
Improper Restriction Of Command Execution
org.jenkins-ci.plugins, azure-cli is vulnerable to improper restriction of command execution. The vulnerability is due to insufficient validation of executed commands, which allows an attacker with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller...
CVE-2024-58298
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...
MineAdmin has an insecure default password
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover...
EUVD-2025-203101
MineAdmin has an insecure default password...
CVE-2025-65854
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover...
Security Bulletin: Vulnerabilities in Eran Hammer cryptiles, PostCSS,Node.js,node-notifier,es5-ext ,MySQL Connectors,json-path and tough-cookie might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eran Hammer cryptiles, PostCSS,Node.js,node-notifier,es5-ext ,MySQL Connectors,json-path and tough-cookier. Vulnerabilities include an attacker is able to brute force something that was supposed to be random, ...
CVE-2025-64986
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...