14 matches found
EUVD-2025-21029
Malicious code in bioql PyPI...
CVE-2025-34102
A remote code execution vulnerability exists in CryptoLog PHP version, discontinued since 2009 due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in...
CVE-2025-34102
A remote code execution vulnerability exists in CryptoLog PHP version, discontinued since 2009 due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in...
CVE-2025-34102 CryptoLog Unauthenticated RCE via SQL Injection and Command Injection
A remote code execution vulnerability exists in CryptoLog PHP version, discontinued since 2009 due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in...
CVE-2025-34102
CVE-2025-34102 affects CryptoLog (PHP version); it enables unauthenticated remote code execution via a chained SQL injection (login.php) to bypass authentication, followed by a command injection (logshares_ajax.php) using the lsid parameter to execute commands as the web user. The exploit path re...
PT-2025-29144 · Cryptolog · Cryptolog
Name of the Vulnerable Software and Affected Versions: CryptoLog PHP version, affected versions not specified Description: A remote code execution issue exists in CryptoLog PHP version due to a combination of SQL injection and command injection vulnerabilities. An unauthenticated attacker can...
CRYPTTECH CryptoLog 安全漏洞
CRYPTTECH CryptoLog is a log management system from the Turkish company CRYPTTECH. A security vulnerability exists in CRYPTTECH CryptoLog that stems from SQL Injection and Command Injection issues that could lead to remote code execution...
Back Issues of the NSA's Cryptolog
Five years ago, the NSA published 23 years of its internal magazine, Cryptolog. There were lots of redactions, of course. What's new is a nice user interface for the issues, noting highlights and levels of redaction...
Crypttech CryptoLog Remote Code Execution
A sql injection vulnerability and a command injection vulnerability exist in Crypttech CryptoLog. The vulnerability is due to insufficient input validation in the application. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code in the context o...
Crypttech CryptoLog - Remote Code Execution (Metasploit)
Crypttech CryptoLog - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Crypttech CryptoLog Remote Code Execution", 'Description' = %q This module exploits the sql...
Crypttech CryptoLog - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Crypttech CryptoLog Remote Code Execution", 'Description' = %q This module exploits the sql injection and command injection vulnerability of...
Crypttech CryptoLog Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Crypttech CryptoLog Remote Code Execution", 'Description' = %q This module exploits the sql injection and command injection vulnerability of...
Crypttech CryptoLog Remote Code Execution Exploit
This Metasploit module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a terminal command under the context of the web user. login.php endpoint is responsible for login process. One of the user supplied parameter is used by the...
Crypttech CryptoLog Remote Code Execution
This module exploits a SQL injection and command injection vulnerability in the PHP version of CryptoLog. An unauthenticated user can execute a terminal command under the context of the web user. These vulnerabilities are no longer present in the ASP.NET version CryptoLog, available since 2009...