Lucene search

15097 matches found

BDU FSTEC
added 2025/06/04 12:0 a.m. | 1 views

The vulnerability of the web interface of the IBM Sterling B2B Integrator software allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.

The vulnerability of the web interface of the IBM Sterling B2B Integrator software solution relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code and gain unauthorized access to protected...

CVSS 5.5 | AI score 6 | EPSS 0.00057
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/06/03 4:15 p.m. | 2 views

CVE-2025-45854

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams...

CVSS 10 | AI score 6.2
Exploits: 0 | References: 3
OSV
added 2025/06/02 6:15 p.m. | 2 views

CVE-2025-27954

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx...

CVSS 6.5 | AI score 6.1 | EPSS 0.00638
Exploits: 0 | References: 2
NVD
added 2025/06/02 6:15 p.m. | 12 views

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

CVSS 6.5 | EPSS 0.00561
Exploits: 0 | References: 1
OSV
added 2025/06/02 6:15 p.m. | 3 views

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

CVSS 6.5 | AI score 6.1 | EPSS 0.00561
Exploits: 0 | References: 1
Zero Day Initiative
added 2025/06/02 12:0 a.m. | 5 views

SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds DameWare Mini Remote Control Service. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

CVSS 7.8 | AI score 7.2 | EPSS 0.00035
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/05/30 4:37 p.m. | 3 views

Malicious code in openkitjs-simple-sample (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b86b90f2ffa63945be2355f5639543a032f0a57ea59dabe377573e35e9d6507b The OpenSSF Package Analysis project identified...

AI score 7.1
Exploits: 0
Metasploit
added 2025/05/29 6:52 p.m. | 337 views

PHP Exec

Execute a PHP payload as an OS command from a Posix-compatible shell Module Options msf use payload/cmd/unix/php/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and...

AI score 5.8
Exploits: 0
Metasploit
added 2025/05/29 6:52 p.m. | 351 views

PHP Exec, PHP Meterpreter, Bind TCP Stager with UUID Support

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Listen for a connection with UUID Support Module Options msf use payload/cmd/unix/php/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION...

AI score 5.8
Exploits: 0
Metasploit
added 2025/05/29 6:52 p.m. | 83 views

PHP Exec, PHP Command Shell, Bind TCP (via perl) IPv6

Execute a PHP payload from a command. Listen for a connection and spawn a command shell via perl persistent over IPv6 Module Options msf use payload/cmd/unix/php/bindperlipv6 msf payloadbindperlipv6 show actions ...actions... msf payloadbindperlipv6 set ACTION msf payloadbindperlipv6 show options...

AI score 5.8
Exploits: 0
Metasploit
added 2025/05/29 6:52 p.m. | 499 views

PHP Exec, PHP Meterpreter, PHP Reverse TCP Stager

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions Module Options msf use payload/cmd/unix/php/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf...

AI score 5.8
Exploits: 0
Metasploit
added 2025/05/29 6:52 p.m. | 476 views

PHP Exec

Execute a PHP payload as an OS command from a Posix-compatible shell Module Options msf use payload/cmd/unix/php/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadex...

AI score 5.8
Exploits: 0
Metasploit
added 2025/05/29 6:52 p.m. | 553 views

PHP Exec, PHP Meterpreter, Bind TCP Stager

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Listen for a connection Module Options msf use payload/cmd/unix/php/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show option...

AI score 5.8
Exploits: 0
Metasploit
added 2025/05/29 6:52 p.m. | 628 views

PHP Exec, PHP Execute Command

Execute a PHP payload as an OS command from a Posix-compatible shell. Execute a single system command Module Options msf use payload/cmd/unix/php/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run...

AI score 5.8
Exploits: 0
BDU FSTEC
added 2025/05/29 12:0 a.m. | 1 views

The vulnerability of the UpdateWebServerGatewaySettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a hacker to bypass security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the UpdateWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...

CVSS 9 | AI score 6.1 | EPSS 0.00045
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2025/05/29 12:0 a.m. | 4 views

PT-2025-23211

Name of the Vulnerable Software and Affected Versions: Santesoft Sante DICOM Viewer Pro (affected versions not specified). Description: The issue is a memory corruption vulnerability that could be exploited by a local attacker to potentially disclose information and execute arbitrary code on affected...

CVSS 8.4 | AI score 7 | EPSS 0.00071
Exploits: 0 | References: 11
BDU FSTEC
added 2025/05/29 12:0 a.m. | 1 views

The vulnerability of the ImportCertificate method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the ImportCertificate method in software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

CVSS 9 | AI score 6.2 | EPSS 0.00039
Exploits: 0 | References: 3 | Affected Software: 1
OSSF Malicious Packages
added 2025/05/28 11:25 p.m. | 2 views

Malicious code in internal-lib-razor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0887160400effb60b7905dc584aa2b213c2c74f7696f2c61b798e64d94ef1fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
NVD
added 2025/05/28 6:15 p.m. | 5 views

CVE-2024-57337

An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file...

CVSS 6.5 | EPSS 0.0041
Exploits: 0 | References: 1
NVD
added 2025/05/27 9:15 a.m. | 33 views

CVE-2025-41651

Due to missing authentication on a critical function of the devices, an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise...

CVSS 9.8 | EPSS 0.00338
Exploits: 0 | References: 1