Lucene search
30 matches found

EUVD
added 2026/04/22 6:31 p.m., 2 views

EUVD-2018-21786

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...

9.8 CVSS, 6.8 AI score, 0.01391 EPSS
Exploits 1, References 5
CVE
added 2026/03/16 1:28 a.m., 7 views

CVE-2017-20221

The connected docs confirm a CSRF vulnerability in Telesquare SKT LTE Router SDT-CS3B1 (fw v1.2.0). Authenticated attackers can abuse missing request validation to cause arbitrary system command execution with router privileges by visiting a malicious page that triggers administrative actions. Th...

5.3 CVSS, 6.1 AI score, 0.00013 EPSS
Exploits 2, References 6, Affected Software 1
Positive Technologies
added 2026/03/10 12:00 a.m., 2 views

PT-2026-24241

A vulnerability in the firmware of Fortinet FortiSwitchAXFixed switches is related to access control flaws. Exploitation of the vulnerability may allow an attacker to execute arbitrary system commands by means of a specially crafted SSH configuration file...

5.3 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 0, References 4
EUVD
added 2026/02/05 4:13 p.m., 5 views

EUVD-2020-31045

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...

9.8 CVSS, 6.6 AI score, 0.16324 EPSS
Exploits 0, References 3
CVE
added 2026/02/05 4:13 p.m., 13 views

CVE-2020-37123

CVE-2020-37123 affects Pinger 1.0 and describes a remote code execution vulnerability. The issue arises from unsanitized input in ping.php, enabling an attacker to inject shell commands, write arbitrary PHP files, and execute system commands by appending shell metacharacters. The entry indicates ...

9.8 CVSS, 6.6 AI score, 0.16324 EPSS
In wild, Exploits 0, References 3
CVE
added 2026/01/30 10:07 p.m., 14 views

CVE-2020-37032

Wing FTP Server 6.3.8 is affected by a remote code execution flaw in the Lua-based web console. The issue allows authenticated users to send crafted POST requests that trigger operating system commands via os.execute(), enabling arbitrary code execution on the server. Affected component: Lua-base...

8.8 CVSS, 6.6 AI score, 0.00709 EPSS
Exploits 1, References 3, Affected Software 1
RedhatCVE
added 2025/10/21 8:32 a.m., 4 views

CVE-2025-31342

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...

9.3 CVSS, 7.6 AI score, 0.00071 EPSS
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-5266

Malware in sbrugna...

7.2 CVSS, 7.3 AI score, 0.09959 EPSS
Exploits 1, References 2
Vulnrichment
added 2025/08/28 8:28 a.m., 1 view

CVE-2025-53970

SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges...

9.8 CVSS, 7.9 AI score, 0.00337 EPSS
Exploits 0, References 2
CVE
added 2025/08/28 8:28 a.m., 10 views

CVE-2025-53970

CVE-2025-53970 affects SS1 versions 16.0.0.10 and earlier (Media 16.0.0a and earlier) from DOS Co., Ltd. A remote unauthenticated attacker can upload arbitrary files and execute OS commands with SYSTEM privileges. Multiple sources (NVD, Red Hat, JVN, CIRCL, PT Security, etc.) corroborate the vuln...

9.8 CVSS, 9.7 AI score, 0.00337 EPSS
Exploits 0, References 2
Positive Technologies
added 2024/12/26 12:00 a.m., 2 views

PT-2024-17692 · SmartRobot · SmartRobot's Conversational AI Platform

Name of the Vulnerable Software and Affected Versions: SmartRobot's Conversational AI Platform versions prior to 7.2.0
Description: A Code Injection vulnerability exists in the groovy script function of SmartRobot's Conversational AI Platform, allowing remote authenticated users to perform...

9.3 CVSS, 7.9 AI score, 0.00882 EPSS
Exploits 0, References 8
CNNVD
added 2024/07/01 12:00 a.m., 2 views

CHANGING Mobile One Time Password Code Issue Vulnerability

CHANGING Mobile One Time Password is a password management application from the Chinese company CHANGING Mobile. It is used to set one-time passwords for authentication or transactions. A code issue vulnerability exists in CHANGING Mobile One Time Password, which stems from the upload function on...

7.2 CVSS, 7.8 AI score, 0.0056 EPSS
Exploits 0, References 3
Positive Technologies
added 2024/06/12 12:00 a.m., 1 view

PT-2024-26892 · Unknown · WRC-X5400GSA-B

Name of the Vulnerable Software and Affected Versions: WRC-X5400GS-B versions 1.0.10 and earlier; WRC-X5400GSA-B versions 1.0.10 and earlier
Description: The issue allows a network-adjacent attacker with administrative privilege to execute arbitrary OS commands by sending a specially crafted reque...

6.8 CVSS, 8.1 AI score, 0.00258 EPSS
Exploits 0, References 4
CVE
added 2023/08/28 6:44 a.m., 42 views

CVE-2023-38030

CVE-2023-38030 affects Saho ADM100 and ADM-100FP devices. The vulnerability is missing authentication for critical functions, enabling an unauthenticated remote attacker to execute system commands via partial URLs and read sensitive device information. Affected versions are not specified in the p...

7.5 CVSS, 7.7 AI score, 0.00162 EPSS
Exploits 0, References 1, Affected Software 1
BDU FSTEC
added 2022/05/26 12:00 a.m., 0 views

The vulnerability of the Python programming language interpreter arises from memory management errors after memory is freed, allowing attackers to execute operating system commands.

The vulnerability of the Python programming language interpreter arises from a mistake in memory management after the memory is freed. Exploiting this vulnerability allows an attacker to execute operating system commands through the Python interpreter, bypassing the standard mechanism for importi...

5.9 CVSS, 5.7 AI score
Exploits 0, References 2, Affected Software 1
Prion
added 2022/05/02 7:15 p.m., 18 views

SQL injection

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerTCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

10 CVSS, 9.7 AI score, 0.00448 EPSS
Exploits 0, References 1, Affected Software 1
Prion
added 2022/03/29 5:15 p.m., 15 views

SQL injection

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

10 CVSS, 9.7 AI score, 0.0027 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2022/03/29 4:37 p.m., 5 views

CVE-2022-26514 Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

9.8 CVSS, 7.9 AI score, 0.0027 EPSS
Exploits 0, References 1
BDU FSTEC
added 2022/03/18 12:00 a.m., 0 views

The vulnerability of the threat detection mechanism of Microsoft Defender for IoT, which stems from the lack of proper validation of the user-inputted string, allows attackers to escalate their privileges or execute arbitrary code.

The vulnerability of the Microsoft Defender for IoT’s threat detection mechanism is related to the lack of proper validation of the string entered by the user before it is used to execute system commands. Exploiting this vulnerability can allow attackers to enhance their privileges or execute...

7.8 CVSS, 0.00409 EPSS
Exploits 0, References 8, Affected Software 1
CNVD
added 2021/05/03 12:00 a.m., 3 views

Code Execution Vulnerability in EmpireCMS v7.5 Backend

EmpireCMS is an open source software program that runs on a PHP MySQL database. A code execution vulnerability exists in the EmpireCMS v7.5 backend, which can be exploited by an attacker to upload Trojan horse files and execute system commands...

7.7 AI score
Exploits 0