Xlight FTP Server 安全漏洞

Xlight FTP Server is an FTP server software from Xlight open source. A security vulnerability exists in Xlight FTP Server version 3.9.3.6, which stems from a stack buffer overflow in the Execute Program configuration that could cause the application to crash...

PT-2025-51304

Name of the Vulnerable Software and Affected Versions Xlight FTP Server version 3.9.3.6 Description Xlight FTP Server 3.9.3.6 contains a stack buffer overflow issue in the 'Execute Program' configuration. An attacker can cause a denial of service by providing 294 characters to the program executi...

PT-2025-51303

Name of the Vulnerable Software and Affected Versions Webutler version 3.2 Description Webutler version 3.2 has a flaw that permits authenticated administrators to upload PHP files capable of executing system commands. An attacker can upload a PHAR file containing embedded system commands through...

CVE-2025-36743 SolarEdge SE3680H - Exposed Debug interface

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

CVE-2025-13155

An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with elevated privileges...

CVE-2025-64994

A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate...

EUVD-2025-202670

A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate...

CVE-2025-64994

A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate...

EUVD-2020-30835

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...

CVE-2025-64817

Adobe Experience Manager (AEM) 6.5.23 and earlier is affected by CVE-2025-64817, a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts that can execute in a victim’s browser when visiting a page containi...

CVE-2025-62552

Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally...

TFTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an PPC payload from an TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...

HTTPS Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an MIPSLE payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...

EUVD-2025-202270

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

CVE-2025-12946

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

CVE-2025-41693

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

CVE-2025-41693

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

CVE-2025-66271

Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2022-50654

CVE-2022-50654 is a Linux kernel vulnerability fix. The available connected documents describe a concrete flaw: when livepatch and kretfunc coexist, the pageattr of im->image can be rox after arch_prepare_bpf_trampoline in bpf_trampoline_update. If modify_fentry or register_fentry returns -EAG...

PT-2025-50127

Name of the Vulnerable Software and Affected Versions Fortinet FortiExtender versions 7.0 through 7.2 Fortinet FortiExtender versions 7.4.0 through 7.4.7 Fortinet FortiExtender versions 7.6.0 through 7.6.3 Description An improper neutralization of special elements used in an OS command OS command...