15 matches found
EUVD-2025-21031
Malicious code in bioql PyPI...
CVE-2025-34095
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...
CVE-2025-34095
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...
CVE-2025-34095 Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...
CVE-2025-34095 Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...
CVE-2025-34095
An OS command injection exists in Real Time Logic Mako Server v2.5 and v2.6 via the examples/save.lsp tutorial interface. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute() code, which is persisted on disk and later executed when a GET is issued to ex...
Real Time Logic Mako Server 操作系统命令注入漏洞
Real Time Logic Mako Server is a lightweight Lua-based web framework from Real Time Logic, Inc. A security vulnerability exists in Real Time Logic Mako Server versions 2.5 and 2.6 that stems from a command injection issue in the examples/save.lsp endpoint that could lead to remote code execution...
PT-2025-29137 · Unknown · Mako Server
Name of the Vulnerable Software and Affected Versions: Mako Server versions 2.5 and 2.6 Description: An OS command injection vulnerability exists within the tutorial interface. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code to the...
Mako Server Remote Command Execution
A command execution vulnerability exists in Mako. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Mako Server v2.5, 2.6 OS Command Injection RCE
This module exploits a vulnerability found in Mako Server v2.5, 2.6. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victims machine and can be executed by sending a GET request to manage.lsp. Th...
Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mako Server v2.5 OS Command Injection RCE', 'Description' = %q This module exploits a vulnerability found in Mako Server v2.5. It's possible to...
Mako Server 2.5 Command Injection Exploit
This Metasploit module exploits a vulnerability found in Mako Server version 2.5. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victims machine and can be executed by sending a GET request to...
Mako Server 2.5 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mako Server v2.5 OS Command Injection RCE', 'Description' = %q This module exploits a vulnerability found in Mako Server v2.5. It's possible to...
Mako Server SSRF / Disclosure / Code Execution
SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAUTHENTICATED-VULNERABILIITIES-SECURITEAM.txt + ISR: ApparitionSec...
Mako Web Server 2.5 - Multiple Vulnerabilities
SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAUTHENTICATED-VULNERABILIITIES-SECURITEAM.txt + ISR: ApparitionSec...