CVE-2024-53700

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later...

Exploit for Improper Handling of Case Sensitivity in Apache Camel

PoC exploit for CVE-2025-27636, an Apache Camel vulnerability. T...

Advisory ROSA-SA-2025-2771

Software: python-setuptools 39.2.0 OS: ROSA Virtualization 3.0 packageevrstring: python-setuptools-39.2.0-8.0.1.rv30 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is...

Exploit for CVE-2025-26055

CVE-2025-26055 CVE Description Author : Rohan Deshpande...

CVE-2024-50390

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later...

CVE-2024-53692

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...

CVE-2024-53700

The CVE-2024-53700 entry describes a command injection affecting QHora/QNAP QuRouter, with remote attackers who have gained administrator access able to execute arbitrary commands. Affected software is QuRouter prior to 2.4.6.028; a fix is available in 2.4.6.028 and later. The vulnerability’s roo...

CVE-2024-53692 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...

CVE-2024-50390 QHora

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later...

Webmin 2.202 Remote Command Execution

Webmin version 2.202 remote command execution exploit that provides a reverse shell. ============================================================================================================================================= | Title : Webmin 2.202 Reverse Shell attack | | Author : indoushka | |...

D Tale 3.10.0 Remote Command Execution

D Tale version 3.10.0 proof of concept remote command execution exploit. ============================================================================================================================================= | Title : D Tale v3.10.0 PHP code execution vulnerability | | Author : indoushka |...

Precurio Intranet Portal 4.4 Remote Command Execution

Precurio Intranet Portal version 4.4 suffers from a remote command execution vulnerability. Exploit Title: Precurio Intranet Portal 4.4 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 05.03.2024 Vendor Homepage: https://www.precurio.com Software Link:...

Monstra CMS 3.0.4 Remote Command Execution

Monstra CMS version 3.0.4 proof of concept remote command execution exploit. Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Date: 05.03.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested...

The vulnerability of the telnetd daemon in the microprogramming router Tenda AC15 allows a hacker to execute arbitrary commands.

The vulnerability of the telnetd microprogramming system for Tenda AC15 routers is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending specially crafted requests...

Security update for pcp

This update for pcp fixes the following issues: CVE-2024-45770: Fixed pmpost symlink attack allowing escalating pcp to root user bsc1230552. CVE-2024-45769: Fixed pmcd heap corruption through metric pmstore operations bsc1230551. CVE-2024-3019: Fixed exposure of the redis backend server allowing...

Linux Distros Unpatched Vulnerability : CVE-2024-47177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS system...

Linux Distros Unpatched Vulnerability : CVE-2024-3019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the...

The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setaddrouting function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the sch_reboot() function in the adm.cgi script of the Wavlink AC3000 (WL-WN533A8) router’s microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the schreboot function in the adm.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to the lack of measures taken to manage data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

The vulnerability of the set_qos() function in the internet.cgi script of the Wavlink AC3000 router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setqos function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the escape of operations from the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending...