15280 matches found
CVE-2024-44333
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious...
CVE-2024-44334
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgradefilter.asp...
PT-2024-8974 · Dell · Dell Enterprise Sonic Os
Name of the Vulnerable Software and Affected Versions: Dell Enterprise SONiC OS versions 4.1.x through 4.2.x Description: The issue is related to an improper neutralization of special elements used in an OS command, which can be exploited by a high-privileged attacker with remote access to execut...
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) MVID-2024-0689 Code Execution
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4dc39c05bcc93e600dd8de16f2f7c599.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) Vulnerability: Unauthenticated Remote Command...
PT-2024-31141 · Unknown · Wayos Fbm-291W
Name of the Vulnerable Software and Affected Versions: WAYOS FBM-291W version 19.09.11 Description: The issue is related to Command Execution via msp info htm. This vulnerability occurs through the "msp info htm" endpoint, allowing for command execution. Recommendations: For WAYOS FBM-291W versio...
CVE-2024-42991
MCMS v5.4.1 has a front-end file upload vulnerability that can lead to remote command execution...
MingSoft MCMS Security Vulnerability
MingSoft MCMS is a complete open source J2EE system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v5.4.1, which stems from improper handling of the front-end file upload function, and could lead to remote command execution...
CVE-2024-42991
CVE-2024-42991 affects MCMS v5.4.1, where a front-end file upload vulnerability can lead to remote command execution. The Red Hat / NVD / OSV / CVE records agree on the symptom; exploitation details are not provided in the connected documents. A practical mitigation mentioned in PT-2024-30245 is ...
PT-2024-30245 · Mcms · Mcms
Name of the Vulnerable Software and Affected Versions: MCMS version 5.4.1 Description: The issue is related to a front-end file upload vulnerability in MCMS, which can lead to remote command execution. This allows an attacker to execute commands remotely. Recommendations: For MCMS version 5.4.1,...
The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface allows an attacker to execute arbitrary SQL commands.
The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
PT-2024-6139 · Zyxel · Wax655E +4
Name of the Vulnerable Software and Affected Versions: Zyxel NWA1123ACv3 versions 6.70ABVT.4 and earlier Zyxel WAC500 versions 6.70ABVS.4 and earlier Zyxel WAX655E versions 7.00ACDO.1 and earlier Zyxel WBE530 versions 7.00ACLE.1 and earlier Zyxel USG LITE 60AX version V2.00ACIP.2 Description: The...
JBoss Seam 2 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Seam 2 Remote Command Execution', 'Description' = %q JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for R...
Linksys WRT54GL Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys WRT54GL Remote Command Execution', 'Description' = %q Some Linksys Routers are vulnerable to OS Command injection. You will need...
D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an OS Command Injection vulnerability...
MAL-2024-12229 Malicious code in calculator-c08d6d50f5964131 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6343baa8b5e97a91b02979723f28035221550addc225d0e3911916a51ef5ef37 Clearly research/pentesting examples containing reverse shell. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anythin...
The vulnerability of SolarWinds IT infrastructure management software’s Web Help Desk system, related to deficiencies in deserialization mechanisms, allows a hacker to execute arbitrary commands.
The vulnerability of SolarWinds IT infrastructure management software’s Web Help Desk component is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2024-38945 · Gether Technology · 6Shr System
Name of the Vulnerable Software and Affected Versions: 6SHR system from Gether Technology affected versions not specified Description: The 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scrip...