EUVD-2026-27009

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...

AgentScope Vulnerable to Remote Code Injection

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

GHSA-CR24-FV3H-8CJM AgentScope Vulnerable to Remote Code Injection

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

Arbitrary Code Injection

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Arbitrary Code Injection via the executeshellcommand function. An attacker can execute arbitrary code by supplying crafted input remotely. Remediation There is no...

CVE-2026-6603 modelscope agentscope _python.py execute_shell_command code injection

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

AgentScope 安全漏洞

AgentScope is an open-source application developed by ModelScope. It simplifies the development of multi-agent applications based on LLMs. Versions of AgentScope prior to 1.0.18 contain security vulnerabilities, which stem from incorrect operations on the function...

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

OESA-2024-1159 aops-ceres security update

An agent which needs to be adopted in client, it managers some plugins, such as gala-gopherkpi collection, fluentdlog collection and so on. Security Fixes: In versions 1.3.0-1.4.1 of the ceres software package, the executeshellcommand function does not properly verify or filter the command or...

TFTP Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute a x86 payload from a TFTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/x86/shell/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid...

CiscoExploit

This is a collection of three separate tools for exploiting vulnerabilities in Cisco devices. The tools are: 1. CiscoRV320Dump-master: This tool is designed to dump the configuration of a Cisco RV320 router. It includes a script called dumpconfig.py that extracts the configuration from the router...

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

D-Link DIR-806 Code Injection Vulnerability

The D-Link DIR-806 is a wireless router from AUO D-Link of Taiwan, China. A code injection vulnerability exists in the D-Link DIR-806. A remote attacker can exploit this vulnerability to execute arbitrary shell commands...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0035)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent...

IRIX - execve (/bin/sh -c) Shellcode (72 bytes)

char cmdshellcode= "\x04\x10\xff\xff" / bltzal $zero, / "\x24\x02\x03\xf3" / li $v0,1011 / "\x23\xff\x08\xf4" / addi $ra,$ra,2292 / "\x23\xe4\xf7\x40" / addi $a0,$ra,-2240 / "\x23\xe5\xfb\x24" / addi $a1,$ra,-1244 / "\xaf\xe4\xfb\x24" / sw $a0,-1244$ra / "\x23\xe6\xf7\x48" / addi $a2,$ra,-2232 /...

semcms the background to bypass getshell

No description provided by source...

CVE-2017-3796

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6...

Linux/x86 - TCP Reverse Shellcode (75 bytes)

/ Linux x86 TCP Reverse Shellcode 75 bytes Author: sajith Tested on: i686 GNU/Linux Shellcode Length: 75 SLAE - 750 ------------c prog ---poc by sajith shetty---------- include include include include int mainvoid int sockfiledes; struct sockaddrin sockad; //1 create socket connection //Man page:...

ActFax-FTP-Server

This module exploits a stack-based buffer overflow in actfax ftp Server version 4.27 and earlier. Actfax fails to check input size when parsing 'USER' command. ToDo: Add Execute Shell ToDo: Test Targets...

Debian: Security Advisory (DSA-2182-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

linux/x86 setresuid0,0,0 /bin/sh shellcode 35 bytes

linux/x86 setresuid0,0,0 /bin/sh shellcode 35 bytes. Shellcode exploit for linx86 platform ========================================================== linux x86 setresuid0,0,0-/bin/sh shellcode 35 bytes ========================================================== Shellcode by the FHM crew:...