Lucene search

15273 matches found

ATTACKERKB
added 2025/08/13 8:53 p.m. · 3 views

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 · AI score 6.2 · EPSS 0.03818
Exploits 1 · References 5
CVE
added 2025/08/13 8:53 p.m. · 23 views

CVE-2011-10017

Snort Report is vulnerable in versions prior to 1.3.2 due to improper sanitization in the nmap.php and nbtscan.php scripts. The vulnerability allows remote command execution via the target GET parameter with no authentication, potentially resulting in full system compromise. Public reports and CV...

CVSS 10 · AI score 7.6 · EPSS 0.02322
Exploits 0 · References 4
Cvelist
added 2025/08/13 8:53 p.m. · 8 views

CVE-2011-10017 Snort Report nmap.php/nbtscan.php RCE

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · EPSS 0.02322
Exploits 0 · References 4
ATTACKERKB
added 2025/08/13 8:53 p.m. · 4 views

CVE-2011-10017

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · AI score 6.1 · EPSS 0.02322
Exploits 0 · References 4
Vulnrichment
added 2025/08/13 8:53 p.m. · 3 views

CVE-2011-10017 Snort Report nmap.php/nbtscan.php RCE

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · AI score 7.6 · EPSS 0.02322
Exploits 0 · References 4
CNNVD
added 2025/08/13 12:0 a.m. · 3 views

Spree Commerce Security Vulnerability

Spree Commerce is an e-commerce platform from Spree Open Source. A security vulnerability exists in Spree Commerce versions prior to 0.60.2 that stems from the search function not cleaning up inputs, which could lead to remote command execution...

CVSS 10 · AI score 7 · EPSS 0.03818
Exploits 1 · References 8
CNNVD
added 2025/08/13 12:0 a.m. · 2 views

Snort Report Security Vulnerability

Snort Report is an inspection report management system from the Snort team. A security vulnerability exists in Snort Report versions prior to 1.3.2 that stems from the nmap.php and nbtscan.php scripts not being cleaned of user input, which could lead to remote command execution...

CVSS 10 · AI score 6.9 · EPSS 0.02322
Exploits 0 · References 5
CNVD
added 2025/08/13 12:0 a.m. · 1 views

NVIDIA Triton Inference Server HTTP Service Input Validation Vulnerability

Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks TensorFlow, PyTorch, ONNX, etc. and optimized inference performance for GPUs and CPUs. An input...

CVSS 9.8 · AI score 7.6 · EPSS 0.01829
Exploits 0 · References 1
Positive Technologies
added 2025/08/13 12:0 a.m. · 4 views

PT-2025-33088 · Unknown · Spree Commerce

Name of the Vulnerable Software and Affected Versions: Spreecommerce versions prior to 0.60.2 Description: Spreecommerce versions prior to 0.60.2 contain a remote command execution issue in the search functionality. The application does not properly sanitize input passed via the searchsend...

CVSS 10 · AI score 7.7 · EPSS 0.03818
Exploits 1 · References 8
CISA KEV Catalog
added 2025/08/13 12:0 a.m. · 11 views

N-able N-Central Insecure Deserialization Vulnerability

N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution...

CVSS 9.4 · AI score 7.5 · EPSS 0.01582
In wild · Exploits 1
Github Security Blog
added 2025/08/12 12:13 a.m. · 11 views

Komari vulnerable to Cross-site WebSocket Hijacking

Summary WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking CSWSH attacks against authenticated users Details https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.goL33-L35 Any third party website can send request...

AI score 7.7
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/08/12 12:13 a.m. · 8 views

GHSA-Q355-H244-969H Komari vulnerable to Cross-site WebSocket Hijacking

Summary WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking CSWSH attacks against authenticated users Details https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.goL33-L35 Any third party website can send request...

CVSS 8.6 · AI score 7.7 · EPSS 0.00515
Exploits 0 · References 5
Tenable Nessus
added 2025/08/12 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-52138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve...

CVSS 9.6 · AI score 8.3 · EPSS 0.01652
Exploits 1 · References 2
OSV
added 2025/08/11 5:24 p.m. · 4 views

GO-2025-3844 RatPanel can perform remote command execution without authorization in github.com/tnborg/panel in github.com/TheTNB/panel

RatPanel can perform remote command execution without authorization in github.com/tnborg/panel in github.com/TheTNB/panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

CVSS 7.7 · AI score 7.3 · EPSS 0.00596
Exploits 0 · References 6
OSV
added 2025/08/08 7:32 p.m. · 5 views

GHSA-2VCF-QXV3-2MGW Craft CMS has a theoretical bypass for CVE-2025-23209

Pre-requisites: Have a compromised security key https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...

CVSS 7.7 · AI score 9.8 · EPSS 0.04127
Exploits 1 · References 5
BDU FSTEC
added 2025/08/08 12:0 a.m. · 4 views

The vulnerability of the lxmldbc_system function in D-Link DIR‑817L router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the lxmldbc_system function in D-Link DIR-817L router microprogramming software is related to the lack of measures taken at the control level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 6.9 · EPSS 0.05484
Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2025/08/08 12:0 a.m. · 6 views

The vulnerability in the pppoe.cgi script of Netgear DGN2200B router software allows a hacker to execute arbitrary commands.

The vulnerability of the pppoe.cgi script of the Netgear DGN2200B router operating system is related to the failure to take measures to neutralize special elements used in the operating system when processing the pppoeusername parameter. Exploiting this vulnerability allows a remote attacker to...

CVSS 9.1 · AI score 5.9 · EPSS 0.04547
Exploits 1 · References 6 · Affected Software 1
BDU FSTEC
added 2025/08/08 12:0 a.m. · 3 views

The vulnerability of the web interface of D-Link DIR-300 and DIR-600 microprogrammed software routers allows a hacker to execute arbitrary commands.

The vulnerability of the web interfaces of D-Link DIR-300 and DIR-600 microprogrammed software routers is related to the failure to eliminate special elements used in the operating system’s processing of the pingIp parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 9 · AI score 6.3 · EPSS 0.09637
Exploits 1 · References 5 · Affected Software 2
BDU FSTEC
added 2025/08/08 12:0 a.m. · 5 views

The vulnerability in the setup.cgi script of Netgear DGN1000B router software allows a hacker to execute arbitrary commands.

The vulnerability in the setup.cgi script of Netgear DGN1000B router microprogramming software relates to the failure to take measures to neutralize special elements used in the operating system’s command for handling the TimeToLive parameter. Exploiting this vulnerability allows a remote attacke...

CVSS 9 · AI score 6 · EPSS 0.04391
Exploits 1 · References 7 · Affected Software 1
BDU FSTEC
added 2025/08/07 12:0 a.m. · 4 views

The vulnerability of the ui_get_input_value() function in Netgear WG302v2 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the ui_get_input_value() function in Netgear WG302v2 router microprogramming software is related to the lack of measures taken to clean data at the control level when processing the host parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

CVSS 6.5 · AI score 6.9 · EPSS 0.02283
Exploits 0 · References 3 · Affected Software 1