PT-2025-15052 · Zendto · Zendto

Name of the Vulnerable Software and Affected Versions: ZendTo versions 5.24-3 through 6.x before 6.10-7 Description: An OS command injection issue in lib/NSSDropoff.php allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp name parameter when...

CVE-2021-47667

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...

The vulnerability in the J-Web management web interface of Juniper Networks Junos OS allows a perpetrator to execute arbitrary commands.

The vulnerability in the J-Web management web interface of Juniper Networks Junos OS relates to the failure to neutralize data in XPath expressions. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

BIT-APPSMITH-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute arbitrary commands.

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system exists because measures to neutralize its special elements have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute arbitrary commands.

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system exists because measures to neutralize its special elements have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability in the web interface of Netgear WNR854T router software allows a hacker to execute arbitrary commands and gain full control over the device.

The vulnerability of the web interface of Netgear WNR854T router software lies in the lack of measures to neutralize special elements used in the operating system’s commands when processing the wanhostname parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

The vulnerability of the AddPortMapping method in Netgear WNR854T router software allows a hacker to execute arbitrary commands.

The vulnerability of the AddPortMapping method in Netgear WNR854T router microprogramming software lies in the lack of measures to neutralize special elements used in the operating system’s commands when processing the NewInternalClient parameter. Exploiting this vulnerability allows a remote...

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute arbitrary commands.

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system is related to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

The vulnerability in the cmd.cgi script of Netgear WNR854T router software allows a hacker to execute arbitrary commands.

The vulnerability in the cmd.cgi script of Netgear WNR854T router microprogramming software relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2025-2071 OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed direct...

CVE-2025-2071

CVE-2025-2071 pertains to the FAST LTA Silent Brick WebUI, where an OS command injection vulnerability exists due to improper handling of untrusted input passed to system-level commands. The flaw affects WebUI input handling for parameters such as “hd” and “pi” and could allow remote attackers to...

FAST LTA Silent Brick WebUI 安全漏洞

The FAST LTA Silent Brick WebUI is a web-based user interface for a Silent Brick data storage system from FAST LTA. A security vulnerability exists in FAST LTA Silent Brick WebUI versions prior to 2.63, which stems from operating system command injection and could allow a remote attacker to execu...

CVE-2025-28219

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usbadv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request...

CVE-2025-28138

The TOTOLINK A800R V4.1.2cu.5137B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

Exploit for CVE-2025-2249

🔐 WordPress SoJ SoundSlides Plugin ⚠️ DISCLAIMER: This ex...

CVE-2025-28219

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usbadv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request...

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

CVE-2025-28219

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usbadv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request...

CVE-2025-28138

The TOTOLINK A800R V4.1.2cu.5137B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...