15273 matches found
CVE-2009-20010
Dogfood CRM 2.0.10 suffers a remote command execution vulnerability in the spell.php script used by its mail subsystem. The flaw arises from unsanitized user input passed via a POST to the data parameter, which is then processed by the underlying shell without proper escaping, enabling attackers ...
CVE-2009-20010
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate...
CVE-2009-20011
ContentKeeper Web Appliance (now Impero Software) versions prior to 125.10 are vulnerable to remote command execution via insecure handling of uploads in the mimencode CGI utility. Unauthenticated attackers can upload and execute arbitrary scripts as the Apache user; the exploit may optionally es...
CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
CVE-2005-10004 Cacti graph_view.php RCE via graph_start Parameter Injection
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
CVE-2025-54945
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
Cacti Security Vulnerability
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool fetches data via snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A security vulnerability exists in versions prior to Cacti 0.8.6-d, which...
SourceForge Dogfood CRM Security Vulnerability
SourceForge Dogfood CRM is a SourceForge open source information management system. A security vulnerability exists in SourceForge Dogfood CRM version 2.0.10, which stems from insufficient sanitization of the data parameter in the spell.php script, which could lead to remote command execution...
PT-2025-35366
Name of the Vulnerable Software and Affected Versions: Dogfood CRM version 2.0.10 Description: Dogfood CRM version 2.0.10 contains a remote command execution issue in the spell.php script used by its mail subsystem. The flaw is due to unsanitized user input passed via a POST request to the data...
PT-2025-35339
Name of the Vulnerable Software and Affected Versions: SUNNET Corporate Training Management System versions prior to 10.11 Description: A file name or path vulnerability exists in SUNNET Corporate Training Management System that allows remote attackers to execute arbitrary system commands via a...
PT-2025-35362
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.8.6-d Description: Cacti versions prior to 0.8.6-d contain a remote command execution issue in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, whi...
Linux Distros Unpatched Vulnerability : CVE-2020-14295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the...
Linux Distros Unpatched Vulnerability : CVE-2022-45145
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. CVE-2022-451...
Linux Distros Unpatched Vulnerability : CVE-2018-12483
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscoveranalyser rzo GET...
Linux Distros Unpatched Vulnerability : CVE-2019-14868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environme...
Linux Distros Unpatched Vulnerability : CVE-2021-22879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote...
CVE-2025-9377
An authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL (end-of-life). It's...