15273 matches found
CVE-2010-20103 ProFTPD 1.3.3c Backdoor Command Execution
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows...
Spree Commerce 安全漏洞
Spree Commerce is an e-commerce platform from Spree Open Source. A security vulnerability exists in Spree Commerce versions prior to 0.50.x. The vulnerability stems from improper input cleanup in the API search function and could lead to remote command execution...
PT-2025-34109 · Undefined · Undefined
The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...
PT-2025-34107 · Undefined · Undefined
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstance eval parameter, which is dynamically invoked using Ruby’s send method. Th...
Spree Commerce is vulnerable to RCE through Search API
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
Spree Commerce is vulnerable to RCE through Search API
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
Linux Distros Unpatched Vulnerability : CVE-2021-38173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using sshfilterbtrbk.sh in authorizedkeys...
CVE-2011-10017
Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...
CVE-2011-10019
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2025-43989
The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...
CVE-2025-20265
CVE-2025-20265 affects Cisco Secure Firewall Management Center (FMC) Software, via the RADIUS subsystem; unauthenticated, remote attackers can inject and execute arbitrary shell commands with high privileges when FMC is configured for RADIUS authentication on the web interface or SSH. Root cause:...
GHSA-2VV2-3X8X-4GV7 Flowise OS command remote code execution
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...
PT-2025-33282 · Kuwfi · Kuwfi Gc111
Name of the Vulnerable Software and Affected Versions: KuWFi GC111 versions GC111-GL-LM321 V3.0 20191211 Description: The KuWFi GC111 device is susceptible to unauthorized command execution. A crafted POST request to the /goform/goform set cmd process API endpoint, utilizing the SSID parameter,...
PT-2025-33335
Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Management Center FMC Software versions 7.0.7 and 7.7.0 Description A vulnerability exists in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center FMC Software that could allow an unauthenticated...
GHSA-97VM-C39P-JR86 Spree has Remote Command Execution vulnerability in search functionality
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
Spree has Remote Command Execution vulnerability in search functionality
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2011-10019
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2011-10017
Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...
CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...