
15279 matches found

CNNVD
added 2025/04/17 12:0 a.m. · 1 views

SUNNET Wisdom Master Pro security vulnerability

SUNNET Wisdom Master Pro is a Wisdom Master management platform from SUNNET. A security vulnerability exists in SUNNET Wisdom Master Pro 5.2 and earlier versions, which stems from improper control of included or referenced filenames in a PHP program, and could lead to the execution of arbitrary...

CVSS 9.9 · AI score 7.2 · EPSS 0.00392
Exploits 0 · References 1

Positive Technologies
added 2025/04/16 12:0 a.m. · 4 views

PT-2025-16885 · Wallos · Wallos

Name of the Vulnerable Software and Affected Versions: Wallos versions 2.38.2 and earlier.
Description: The issue allows authenticated users to upload malicious files to the server through the restore backup function by uploading a ZIP file. The contents of the ZIP file are extracted on the server...

CVSS 9.8 · AI score 6.7 · EPSS 0.00507
Exploits 2 · References 6

CNNVD
added 2025/04/16 12:0 a.m. · 2 views

LRQA Nettitude PoshC2 security vulnerability

LRQA Nettitude PoshC2 is an agent-aware C2 framework from LRQA used to help penetration testers with red teaming, post-exploitation, and lateral movement. A security vulnerability exists in LRQA Nettitude PoshC2 that stems from allowing an unauthenticated attacker to connect to the C2 server and...

CVSS 6.5 · AI score 7.4 · EPSS 0.00304
Exploits 0 · References 2

BDU FSTEC
added 2025/04/16 12:0 a.m. · 5 views

The vulnerability of the E-Staff automation system for recruitment processes is related to errors in XML data filtering during document printing, allowing a perpetrator to execute arbitrary commands.

The vulnerability of the E-Staff recruitment process automation system is related to errors in XML data filtering during document printing. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands by sending a specially crafted XML document...

CVSS 9.9 · AI score 5.8
Exploits 0

OSV
added 2025/04/15 2:15 p.m. · 4 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVSS 9.8 · AI score 5.9 · EPSS 0.10282
Exploits 1 · References 3

NVD
added 2025/04/15 2:15 p.m. · 13 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVSS 9.8 · EPSS 0.10282
Exploits 1 · References 3

Vulnrichment
added 2025/04/15 12:0 a.m. · 4 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

AI score 7.4 · EPSS 0.10282
Exploits 1 · References 2

Cvelist
added 2025/04/15 12:0 a.m. · 11 views

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

EPSS 0.10282
Exploits 1 · References 2

CVE
added 2025/04/15 12:0 a.m. · 61 views

CVE-2025-28137

The CVE-2025-28137 entry concerns TOTOLINK A810R firmware (example: V4.1.2cu.5182_B20201026) with a pre-auth remote command execution in the setNoticeCfg function via the NoticeUrl parameter. Affected component: setNoticeCfg. Root cause: failure to properly filter special characters in NoticeUrl ...

CVSS 9.8 · AI score 7.6 · EPSS 0.10282
In wild · Exploits 1 · References 3 · Affected Software 1

Packet Storm
added 2025/04/15 12:0 a.m. · 292 views

Adapt Authoring Tool 0.11.3 Remote Command Execution

Adapt Authoring Tool version 0.11.3 suffers from a remote command execution vulnerability. Exploit Title: Adapt Authoring Tool 0.11.3 - Remote Command Execution RCE Date: 2024-11-24 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.adaptlearning.org/ Software Link:...

CVSS 9.8 · AI score 7.1 · EPSS 0.01526
Exploits 2

Exploit DB
added 2025/04/15 12:0 a.m. · 298 views

Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE)

Exploit Title: Adapt Authoring Tool 0.11.3 - Remote Command Execution RCE Date: 2024-11-24 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.adaptlearning.org/ Software Link: https://github.com/adaptlearning/adaptauthoring Version: 0.11.3 CVE Identifier: CVE-2024-50672 , CVE-2024-50671...

CVSS 9.8 · AI score 7 · EPSS 0.01526
Exploits 2

Packet Storm
added 2025/04/15 12:0 a.m. · 326 views

GestioIP 3.5.7 Remote Command Execution

GestioIP version 3.5.7 suffers from a remote command execution vulnerability. Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...

CVSS 9.8 · AI score 7.3 · EPSS 0.45109
Exploits 5

BDU FSTEC
added 2025/04/14 12:0 a.m. · 9 views

The vulnerability of the EMACS text editor arises from the lack of measures taken to eliminate special elements, allowing attackers to execute arbitrary commands.

The vulnerability of the EMACS text editor exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 10 · AI score 7.9 · EPSS 0.02679
Exploits 0 · References 7 · Affected Software 6

Exploit DB
added 2025/04/14 12:0 a.m. · 253 views

GestioIP 3.5.7 - Remote Command Execution (RCE)

Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760 Date: 2025-01-13...

CVSS 9.8 · AI score 7.1 · EPSS 0.45109
Exploits 5

Positive Technologies
added 2025/04/12 12:0 a.m. · 3 views

PT-2025-17571 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5232 B20210713.
Description: The issue is a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. This allows for remote command execution without prior...

CVSS 10 · AI score 6.7 · EPSS 0.00919
Exploits 1 · References 9

Positive Technologies
added 2025/04/11 12:0 a.m. · 2 views

PT-2025-16108 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server, affected versions not specified.
Description: The issue concerns an unauthenticated remote command execution. No information is provided about the estimated number of potentially affected devices worldwide or real-world...

AI score 6.9
Exploits 0 · References 3

BDU FSTEC
added 2025/04/11 12:0 a.m. · 4 views

The vulnerability of the recvSlaveUpgstatus() function in the TOTOLINK T8 router’s firmware allows a hacker to execute arbitrary commands.

The vulnerability of the recvSlaveUpgstatus function in the firmware for TOTOLINK T8 routers is related to the lack of measures taken to clean data at the management level when processing the ip parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrar...

CVSS 10 · AI score 8.1 · EPSS 0.02109
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2025/04/11 12:0 a.m. · 5 views

The vulnerability of the setUpgradeFW() function in TOTOLINK T8 router firmware allows a hacker to execute arbitrary commands.

The vulnerability of the setUpgradeFW function in TOTOLINK T8 router firmware is related to the lack of measures taken to clean data at the management level when processing the slaveIpList parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 10 · AI score 8.1 · EPSS 0.01946
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2025/04/11 12:0 a.m. · 5 views

The vulnerability of the meshSlaveDlfw() function in the firmware for TOTOLINK T8 allows a hacker to execute arbitrary commands.

The vulnerability of the meshSlaveDlfw function in the firmware for TOTOLINK T8 routers is related to the lack of measures taken to clean data at the management level when processing the serverIp parameter. Exploiting this vulnerability allows a remote attacker to execute arbitra...

CVSS 10 · AI score 8.1 · EPSS 0.02081
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2025/04/11 12:0 a.m. · 4 views

The vulnerability of the recvSlaveCloudCheckStatus() function in the firmware for TOTOLINK T8 allows a hacker to execute arbitrary commands.

The vulnerability of the recvSlaveCloudCheckStatus function in the firmware for TOTOLINK T8 routers is related to the lack of measures taken to clean data at the management level when processing the ip parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 10 · AI score 8.1 · EPSS 0.02109
Exploits 1 · References 2 · Affected Software 1