CVE-2025-49008

CVE-2025-49008 affects Atheos, a self-hosted browser-based cloud IDE. Prior to version 6.0.4, improper use of escapeshellcmd() in /components/codegit/traits/execute.php enables argument injection and arbitrary command execution. The vulnerability could lead to data breaches or server compromise f...

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

CVE-2020-23583

OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diagpingadmin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system...

CVE-2020-9047

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...

Command Execution Vulnerability in MaxKB at Hangzhou Feizhiyun Information Technology Co.

MaxKB is an open source knowledge base Q&A system based on big language model and RAG under Hangzhou Feizhiyun Information Technology Co. MaxKB has a command execution vulnerability that can be exploited by an attacker to execute arbitrary commands...

CVE-2024-56346 IBM AIX command execution

IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls...

Linux Distros Unpatched Vulnerability : CVE-2015-8560

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attacke...

Ray cpu_profile Command Injection Exploit

This Metasploit module demonstrates a command injection vulnerability in Ray via cpuprofile. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray cpuprofile command injection', 'Description' = %...

PT-2024-37182 · Devika · Devika

Name of the Vulnerable Software and Affected Versions: stitutionai/devika version ecee79f Description: The issue arises from an unprotected WebSocket connection, allowing a malicious website to connect to the backend and issue commands on behalf of the user. This enables the malicious website to...

Exploit for Improper Check for Unusual or Exceptional Conditions in Vyperlang Vyper

CVE-2024-24576-Poc-Python A quick POC for the vulnerability di...

CVE-2022-45094

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 1. An authenticated remote attacker with access to the Web Based Management 443/tcp of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might...

Metasploit Weekly Wrap-Up

Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support This week brings a new and frequently requested feature to the Windows Meterpreter, the Beacon Object File loader. This new extension, bofloader, allows for users to execute Beacon Object Files as written for either Cobalt...

CVE-2022-31308

A vulnerability in livemfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function...

Design/Logic Flaw

A vulnerability in livecheck.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2021-32605

zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block...

CVE-2018-19239

TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the startarpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters dhcpdstart, dhcpdend, and lanipaddr passed to the apply.cgi binary through a POST...

Time Of Check To Time Of Use (TOCTOU)

chownr is vulnerable to the time of check to time of use TOCTOU race condition.The library uses predictable filenames in /tmp, allowing a malicious user to change the group ownership of an arbitrary file by replacing a non-symlink file with a symlink file during the execution of the chown command...

Debian DSA-4145-1 : gitlab - security update

Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code : - CVE-2017-0915/ CVE-2018-3710 Arbitrary code execution in project import. - CVE-2017-0916 Command injection via Webhooks. - CVE-2017-0917 Cross-site scripting in CI job output. - CVE-2017-0918...

sNews CMS 1.7.1 CSRF / Cross Site Scripting / Code Execution

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent...

CVE-2013-2208

tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file...