15279 matches found

BDU FSTEC
added 2025/03/17 12:0 a.m. · 6 views

The vulnerability in FortiWeb web application firewalls arises from incorrect processing of syntactically incorrect structures, allowing attackers to bypass security restrictions and execute arbitrary commands.

The vulnerability in FortiWeb web application firewalls is related to the improper processing of syntactically incorrect structures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary commands by sending specially crafted HTTP/S...

CVSS 5.6 · AI score 5.8 · EPSS 0.00485
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2025/03/17 12:0 a.m. · 6 views

The vulnerability in FortiWeb web application firewalls arises from incorrect processing of syntactically incorrect structures, allowing attackers to bypass security restrictions and execute arbitrary commands.

The vulnerability in FortiWeb web application firewalls is related to the improper processing of syntactically incorrect structures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary commands by sending specially crafted HTTP/S...

CVSS 5.6 · AI score 5.8 · EPSS 0.00353
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2025/03/14 12:0 a.m. · 6 views

The vulnerability in the firmware of the Wiren Board controller, related to access control errors, allows an intruder to execute arbitrary commands.

The vulnerability in the firmware for Wiren Boards is related to access control errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by remotely sending a specially crafted URL command...

CVSS 10 · AI score 5.9
Exploits: 0 · Affected Software: 4

RedhatCVE
added 2025/03/13 3:57 a.m. · 10 views

CVE-2023-20118

A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user...

CVSS 7.2 · AI score 7.9 · EPSS 0.53827
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/13 3:56 a.m. · 9 views

CVE-2023-20026

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input with...

CVSS 7.2 · AI score 7.8 · EPSS 0.01298
Exploits: 0 · References: 1

Packet Storm
added 2025/03/13 12:0 a.m. · 3339 views

Backdrop CMS 1.27.1 Remote Command Execution

Backdrop CMS version 1.27.1 proof of concept remote command execution exploit for a vulnerability discovered in 2024. Title: Backdrop CMS 1.27.1 PHP COd...

AI score 7.7
Exploits: 0

Packet Storm
added 2025/03/13 12:0 a.m. · 304 views

Craft CMS 3.9.14 Remote Command Execution

Craft CMS version 3.9.14 proof of concept remote command execution exploit that leverages a vulnerability discovered in 2024. Title: Craft CMS 3.9.14...

CVSS 9.3 · AI score 7.4 · EPSS 0.97446
Exploits: 9

Positive Technologies
added 2025/03/13 12:0 a.m. · 7 views

PT-2025-14769 · Dell · Dell Powerprotect Data Domain

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Domain with Data Domain Operating System DD OS versions prior to 8.3.0.15 Description: The issue is related to insufficient granularity of access control. An authenticated user from a trusted remote client could exploit...

CVSS 9 · AI score 7.2 · EPSS 0.0049
Exploits: 0 · References: 11

Packet Storm
added 2025/03/13 12:0 a.m. · 321 views

D Tale 3.15.1 Remote Command Execution

D Tale version 3.15.1 proof of concept remote command execution exploit. Title: D Tale v3.15.1 PHP code execution vulnerability · Author: indoushka...

CVSS 9.8 · AI score 9.8 · EPSS 0.77951
Exploits: 5

Tenable Nessus
added 2025/03/13 12:0 a.m. · 10 views

Palo Alto GlobalProtect App Windows 6.0.x < 6.0.11 / 6.1.x < 6.1.6 / 6.2.x < 6.2.5 / 6.3.x < 6.3.3 Execution of Unsafe ActiveX Control (CVE-2025-0118)

The version of Palo Alto GlobalProtect App installed on the remote Windows host is 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.6, 6.2.x prior to 6.2.5, or 6.3.x prior to 6.3.3. It is, therefore, affected by a remote command execution vulnerability: - A vulnerability in the Palo Alto Networks...

CVSS 8 · AI score 5.7 · EPSS 0.00411
Exploits: 0 · References: 2

Tenable Nessus
added 2025/03/13 12:0 a.m. · 31 views

Commvault Critical Webserver Vulnerability (CV_2025_03_1)

A critical webserver vulnerability exists in Commvault. A remote attacker can exploit this to execute arbitrary commands. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVSS 8.8 · AI score 8.9 · EPSS 0.01932
Exploits: 0 · References: 2

Packet Storm
added 2025/03/13 12:0 a.m. · 391 views

Cyber Panel 2.3.x Remote Command Execution

Cyber Panel version 2.3.x proof of concept remote command execution exploit that leverages three vulnerabilities discovered in 2024. Title: Cyber Panel...

CVSS 10 · AI score 10 · EPSS 0.94878
Exploits: 14

BDU FSTEC
added 2025/03/13 12:0 a.m. · 23 views

The vulnerability of the PAN-OS OpenConfig Plugin in the PAN-OS operating system, related to the failure to eliminate special elements, allows a perpetrator to execute arbitrary commands.

The vulnerability of the PAN-OS OpenConfig Plugin in the PAN-OS operating system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 7.7 · EPSS 0.01227
Exploits: 0 · References: 2 · Affected Software: 1

Packet Storm
added 2025/03/12 12:0 a.m. · 316 views

VICIdial 2.14-917 Remote Command Execution

VICIdial version 2.14-917 proof of concept remote command execution exploit that takes advantage of a flaw originally found in 2024. Title: VICIdial v...

CVSS 8.8 · AI score 7.2 · EPSS 0.75384
Exploits: 7

Packet Storm
added 2025/03/12 12:0 a.m. · 450 views

WordPress Bit File Manager 6.5.5 Race Condition / Code Injection

WordPress Bit File Manager plugin version 6.5.5 proof of concept race condition exploit that achieves remote code execution. Title: WordPress Bit File...

CVSS 8.1 · AI score 7.9 · EPSS 0.02802
Exploits: 3

BDU FSTEC
added 2025/03/12 12:0 a.m. · 5 views

The vulnerability of the MFlash secure data exchange platform lies in the lack of mechanisms for neutralizing elements related to CSV files, allowing attackers to execute arbitrary commands.

The vulnerability of the MFlash secure messaging platform is related to the lack of mechanisms for neutralizing elements related to CSV files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 5.9
Exploits: 0 · Affected Software: 1

Packet Storm
added 2025/03/11 12:0 a.m. · 229 views

Wp2Fac 1.0 Code Injection

Wp2Fac version 1.0 proof of concept code injection exploit that takes advantage of a flaw originally discovered by Ahmet Ümit Bayram in 2023. ...

AI score 7.7
Exploits: 0

BDU FSTEC
added 2025/03/11 12:0 a.m. · 4 views

The vulnerability of the integrated controller, Satellite Management Controller (SMC), in the firmware of AMD MI300X processors allows a hacker to execute arbitrary commands.

The vulnerability of the integrated controller, Satellite Management Controller (SMC), in the firmware of AMD MI300X processors is related to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...

CVSS 5 · AI score 5.9 · EPSS 0.002
Exploits: 0 · References: 2 · Affected Software: 1

Packet Storm News
added 2025/03/10 12:0 a.m. · 4 views

How to Create a Scan to Identify Remote Command Execution

This whitepaper covers how to create a scan in Perl to identify remote command execution in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid RCE problems at the code...

AI score 7.5
Exploits: 0

BDU FSTEC
added 2025/03/10 12:0 a.m. · 7 views

The vulnerability in the firmware of Smartwares IP cameras, models CIP-37210AT and C724IP, arises from the lack of measures to sanitize input data at the control level. This allows intruders to execute arbitrary commands.

The vulnerability in the firmware of Smartwares CIP-37210AT and C724IP cameras is related to the lack of measures for sanitizing incoming data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

CVSS 8.8 · AI score 7.1 · EPSS 0.00694
Exploits: 0 · References: 4 · Affected Software: 2