Lucene search
K

171 matches found

Metasploit
Metasploit
added 2025/09/17 6:53 p.m.727 views

Commvault Command-Line Argument Injection to Traversal Remote Code Execution

This module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the 'localadmin' account, which then facilitates code execution via expression language injection...

8.8CVSS7.9AI score0.83641EPSS
Exploits12
Packet Storm
Packet Storm
added 2025/09/17 12:0 a.m.182 views

📄 Commvault CLI Argument Injection / Traversal / Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the localadmin account, which then facilitates code execution via expression language...

8.8CVSS8.7AI score0.83641EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-39243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's...

9.8CVSS8.3AI score0.01177EPSS
Exploits1References2
NCSC
NCSC
added 2025/08/28 8:36 a.m.13 views

Vulnerabilities fixed in Cisco NX-OS Software

Cisco has fixed vulnerabilities in Cisco NX-OS Software Specifically for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software. A vulnerability in the command-line interface CLI allows authenticated local malicious actors to perform command...

7.4CVSS7.1AI score0.03221EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.6 views

Commvault 参数注入漏洞

Commvault is a data backup and recovery software from Commvault, Inc. A parameter injection vulnerability exists in versions of Commvault prior to 11.36.60 that stems from insufficient input validation leading to command line parameter injection or manipulation, which could result in a...

6.9CVSS7.2AI score0.20719EPSS
Exploits3References3
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.4 views

Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 操作系统命令注入漏洞

Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense are both products of Cisco Corporation.Cisco Secure Firewall Management Center is a powerful Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco Secure Firewall Management Center and Cisco...

6CVSS7.7AI score0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:49 p.m.8 views

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

8.8CVSS7.7AI score0.02715EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:15 p.m.11 views

CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...

9.8CVSS8.3AI score0.95415EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2025/04/07 12:0 a.m.7 views

The vulnerability of the “Open Git Repository in Terminal” control element, a extension for the JupyterLab web-oriented interactive development environment, allows an attacker to gain access to and modify data, as well as execute arbitrary commands.

The vulnerability of the “Open Git Repository in Terminal” control element in the JupyterLab-Git web-oriented interactive development environment is related to the failure to implement measures to neutralize special elements used in the operating system command line. Exploiting this vulnerability...

7.4CVSS7.5AI score0.00557EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 7:39 p.m.10 views

CVE-2022-39243

NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...

9.8CVSS7.1AI score0.01177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:32 a.m.6 views

CVE-2024-45720

On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables e.g., svn.exe, etc. may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...

8.2CVSS7.2AI score0.00604EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 12:33 a.m.23 views

CVE-2024-27980

Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...

8.1CVSS0.01387EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.2 views

PT-2024-31739

Name of the Vulnerable Software and Affected Versions: Apache Subversion versions up to and including 1.14.3 Description: On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables may lead to unexpected command line argument...

8.2CVSS6AI score0.00604EPSS
Exploits0References24
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.241 views

PostgreSQL Database Name Command Line Flag Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PostgreSQL Database Name Command Line Flag Injection', 'Description' = %q This module can identify PostgreSQL 9.0, 9.1, and 9.2 servers that are...

6.5CVSS6.9AI score0.54312EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/06/20 12:0 a.m.20 views

Debian dla-3838 : composer - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3838 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3838-1 [email protected]...

8.8CVSS8AI score0.03255EPSS
Exploits0References6
Debian
Debian
added 2024/06/19 7:56 p.m.7 views

[SECURITY] [DLA 3838-1] composer security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3838-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb June 19, 2024 https://wiki.debian.org/LTS -...

8.8CVSS6.5AI score0.03255EPSS
Exploits0
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.7 views

D-Link DIR-2150 安全漏洞

D-Link DIR-2150 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-2150 that stems from a cli command injection remote code execution vulnerability...

8CVSS7.5AI score0.00997EPSS
Exploits0References2
Debian
Debian
added 2024/03/25 12:47 p.m.26 views

[SECURITY] [DLA 3773-1] freeipa security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3773-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 25, 2024 https://wiki.debian.org/LTS -...

5.3CVSS5.3AI score0.0111EPSS
Exploits1
CNNVD
CNNVD
added 2023/08/09 12:0 a.m.17 views

Paessler PRTG Network Monitor Command Injection Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A command injection vulnerability exists in Paessler PRTG Network Monitor version 23.2.83.1760, which stems from command line parameter injection and undocumented debug feature flag...

7.2CVSS7.7AI score0.12342EPSS
Exploits3References3
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/05/05 5:0 a.m.31 views

Bullied by Bugcrowd over Kape CyberGhost disclosure

TL;DR The CyberGhost VPN client suffers from an elevation of privilege vulnerability and is filed under CVE-2023-30237. A specially crafted JSON payload sent to the CyberGhost RPC service can lead to command line injection when the OpenVPN process is launched, leading to full system compromise. T...

4.3CVSS8.3AI score0.00401EPSS
Exploits1
Rows per page
Query Builder