Lucene search

17 matches found

EUVD
added 2025/12/12 12:30 a.m. · 2 views

EUVD-2024-55323

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

CVSS 8.7 · AI score 8.4 · EPSS 0.01259
Exploits 1 · References 5

NVD
added 2025/12/11 10:15 p.m. · 1 views

CVE-2024-58287

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

CVSS 8.8 · EPSS 0.01259
Exploits 1 · References 4

Vulnrichment
added 2025/12/11 9:33 p.m. · 0 views

CVE-2024-58287 reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

CVSS 8.7 · AI score 8.5 · EPSS 0.01259
Exploits 1 · References 4

Positive Technologies
added 2025/12/11 12:0 a.m. · 1 views

PT-2025-50741

Name of the Vulnerable Software and Affected Versions: reNgine version 2.2.0 Description: The software contains a command injection issue in the nmap cmd parameter within the scan engine configuration. Authenticated attackers can execute arbitrary commands by modifying the nmap cmd parameter with...

CVSS 8.8 · AI score 8.6 · EPSS 0.01259
Exploits 1 · References 8

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2010-3660

Malware in sbrugna...

CVSS 4 · AI score 6 · EPSS 0.03068
Exploits 1 · References 10

OSV
added 2023/09/05 5:15 p.m. · 4 views

CVE-2023-32271

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of reques...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 2

Prion
added 2023/09/05 5:15 p.m. · 14 views

Arbitrary file deletion

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

CVSS 5.5 · AI score 8 · EPSS 0.0007
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/09/05 4:15 p.m. · 17 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

CVSS 6.5 · AI score 8.2 · EPSS 0.0007
Exploits 0 · References 2

Positive Technologies
added 2023/09/05 12:0 a.m. · 1 views

PT-2023-25084 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 18.00.0072 Description: An improper resource allocation issue exists in the OAS Engine configuration management functionality. A specially crafted series of network requests can lead to the creati...

CVSS 4.3 · AI score 5.5 · EPSS 0.0007
Exploits 1 · References 7

Positive Technologies
added 2023/09/05 12:0 a.m. · 2 views

PT-2023-23912 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 18.00.0072 Description: A file write vulnerability exists in the OAS Engine configuration functionality. This issue can be triggered by a specially crafted series of network requests, leading to...

CVSS 8.1 · AI score 8.8 · EPSS 0.0007
Exploits 0 · References 5

NVD
added 2023/01/30 5:15 a.m. · 9 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 8.8 · AI score 8.4 · EPSS 0.19024
Exploits 0 · References 4

OSV
added 2023/01/30 5:15 a.m. · 14 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 8.8 · AI score 9
Exploits 0 · References 4

Positive Technologies
added 2022/05/25 12:0 a.m. · 1 views

PT-2022-17655 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 16.00.0112 Description: A cleartext transmission of sensitive information issue exists in the OAS Engine configuration communications functionality. This can be exploited through a targeted networ...

CVSS 7.5 · AI score 7.2 · EPSS 0.00156
Exploits 1 · References 2

GitHub Security Blog
added 2022/02/16 10:35 p.m. · 21 views

Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals

Impact There exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a VMExternRef via an uninitialized pointer. As instance slots may be reused between...

CVSS 8.1 · AI score 1 · EPSS 0.00184
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2021/05/14 12:0 a.m. · 2 views

Squirrelly information disclosure vulnerability

npm squirrelly is an application from the American company npm. It provides a modern, configurable and powerful Express template engine implemented in JavaScript. Squirrelly suffers from an information disclosure vulnerability that stems from mixing pure template data with engine configuratio...

CVSS 8.8 · AI score 8.6 · EPSS 0.89622
Exploits 2 · References 7

Packet Storm
added 2020/01/28 12:0 a.m. · 159 views

Centreon 19.10.5 Remote Command Execution

Exploit Title: Centreon 19.10.5 - Remote Command Execution Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote Command Execution...

AI score 0.1
Exploits 0

OSV
added 2017/06/13 4:29 p.m. · 0 views

CVE-2016-5411

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 2