
15280 matches found

Gitee
added 2024/08/02 11:21 a.m. · 69 views

POC

Apache ActiveMQ remote command execution vulnerability. Affected versions: 5.18.0 beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:spring="http://camel.apache.org/schema/spring" xmlns:context="http://www.springframework.org/schema/context"...

7 AI score
Exploits 0
The Hacker News
added 2024/08/02 10:52 a.m. · 54 views

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

Enterprise Resource Planning (ERP) software is at the heart of many enterprises, supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critic...

9.8 CVSS · 7.7 AI score · 0.99442 EPSS
Exploits 11
CNNVD
added 2024/08/02 12:0 a.m. · 2 views

Horizon Business Services Caterease security vulnerability

Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which originates from executing commands with...

9.8 CVSS · 7 AI score · 0.01676 EPSS
Exploits 1 · References 4
BDU FSTEC
added 2024/08/02 12:0 a.m. · 6 views

The vulnerability of the Ping and Traceroute utilities in the SmartOS Wi-Fi router AdTran SRG 834-5 allows a hacker to execute arbitrary operating system commands.

The vulnerability of the Ping and Traceroute utilities in the SmartOS Wi-Fi router AdTran SRG 834-5 is related to the lack of measures taken to neutralize the special elements used in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating...

8 CVSS · 6 AI score · 0.01684 EPSS
Exploits 0 · References 5 · Affected Software 1
BDU FSTEC
added 2024/08/02 12:0 a.m. · 4 views

The vulnerability of the SSH service on the SmartOS operating system, specifically the AdTran SRG 834-5 Wi-Fi routers, allows a hacker to execute arbitrary operating system commands.

The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 is related to the use of strictly encrypted login credentials. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating system...

9 CVSS · 8.2 AI score · 0.00608 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2024/08/01 12:0 a.m. · 4 views

The vulnerability of the mknotifyd software, a monitoring tool for IT infrastructure, allows a perpetrator to execute arbitrary commands.

The vulnerability of the mknotifyd software for monitoring IT infrastructure systems in Checkmk is related to improper elimination of separators. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.5 CVSS · 5.9 AI score · 0.00472 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2024/08/01 12:0 a.m. · 5 views

The vulnerabilities of the event monitoring, threat detection, and security analytics platforms of IBM QRadar Suite and IBM Cloud Pak for Security allow attackers to execute arbitrary commands.

The vulnerability of platform monitoring systems for event detection, threat detection, and security analytics in IBM QRadar Suite and IBM Cloud Pak for Security exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary...

7.5 CVSS · 5.8 AI score · 0.00368 EPSS
Exploits 0 · References 6 · Affected Software 2
BDU FSTEC
added 2024/07/31 12:0 a.m. · 3 views

The vulnerability of the child_process.spawn() and child_process.spawnSync() functions in the Node.js software platform for Windows operating systems allows a hacker to bypass security restrictions and execute arbitrary commands.

The vulnerability of the child_process.spawn and child_process.spawnSync functions in the Node.js software platform for Windows operating systems is related to the improper handling of the shell parameter in .bat and .cmd files. Exploiting this vulnerability allows a remote attacker to bypass...

10 CVSS · 8.1 AI score · 0.01387 EPSS
Exploits 0 · References 6 · Affected Software 2
BDU FSTEC
added 2024/07/31 12:0 a.m. · 3 views

The vulnerability of the WriteFacMac function in the microprogramming software for Tenda FH1201 allows a hacker to execute arbitrary commands.

The vulnerability of the formWriteFacMac function in the Tenda FH1201 router microprogramming system is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...

10 CVSS · 5.9 AI score · 0.06749 EPSS
Exploits 1 · References 3 · Affected Software 1
BDU FSTEC
added 2024/07/31 12:0 a.m. · 6 views

The vulnerability of the Project Module in the Apache StreamPark development and management environment allows an attacker to execute arbitrary commands.

The vulnerability of the Project Module in the Apache StreamPark development and management environment is related to incorrect processing of the element. Exploiting this vulnerability may allow an attacker to execute arbitrary commands remotely...

6.5 CVSS · 5.8 AI score · 0.01117 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/07/30 12:0 a.m. · 4 views

PT-2024-29133 · Ffri · Ffri Amc

Name of the Vulnerable Software and Affected Versions: FFRI AMC versions 3.4.0 to 3.5.3; some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3. Description: The issue allows a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an...

6.4 CVSS · 7.9 AI score · 0.00438 EPSS
Exploits 0 · References 7
Redos
added 2024/07/30 12:0 a.m. · 7 views

ROS-20240729-22

A vulnerability in the package_index module of the library designed to simplify the packaging of setuptools projects is related to the fact that functions used to download packages from URLs, provided by users or obtained from package index servers, are susceptible to code injection. Exploitation of the...

8.8 CVSS · 7.4 AI score · 0.01939 EPSS
Exploits 0
CVE
added 2024/07/30 12:0 a.m. · 54 views

CVE-2024-41611

CVE-2024-41611 affects the D-Link DIR-860L REVA router firmware PATCH 1.10..B04, where the Telnet service contains hardcoded credentials, enabling remote login and execution of arbitrary commands. The vulnerability is documented across multiple sources (NVD/Red Hat/CNVD/CNNVD/OpenVAS entries) an...

9.8 CVSS · 7.1 AI score · 0.00776 EPSS
Exploits 0 · References 2 · Affected Software 1
The Hacker News
added 2024/07/29 4:56 a.m. · 30 views

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website "chrome-web.com" serving malicious installer packages...

8 AI score
Exploits 0
BDU FSTEC
added 2024/07/29 12:0 a.m. · 3 views

The vulnerability of the Gogs self-managed Git repository creation software lies in improper code generation management, allowing attackers to execute arbitrary commands.

The vulnerability of the Gogs self-managed Git repository creation software is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

9.9 CVSS · 6.2 AI score · 0.1718 EPSS
Exploits 1 · References 5 · Affected Software 1
The Hacker News
added 2024/07/26 6:19 a.m. · 22 views

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of...

8.3 AI score
Exploits 0
CNVD
added 2024/07/25 12:0 a.m. · 18 views

SQL Injection Vulnerability in FineReport of SailSoft Software Limited (CNVD-2024-33679)

FineReport is a reporting software tool. An SQL injection vulnerability exists in FineReport of SailSoft Software Ltd. The vulnerability is due to the existence of unauthorized SQL injection in the /view/ReportServer interface, which can be exploited by an attacker to write to a file using sql...

8.4 AI score
Exploits 0 · References 1
OSV
added 2024/07/24 2:15 p.m. · 2 views

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.0.1-61, Acronis Cyber Infrastructure ACI before build 5.1.1-71, Acronis Cyber Infrastructure ACI before build 5.2.1-69, Acronis Cyber Infrastructure ACI...

9.8 CVSS · 5.9 AI score · 0.53535 EPSS
Exploits 3 · References 3
NVD
added 2024/07/24 2:15 p.m. · 32 views

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.0.1-61, Acronis Cyber Infrastructure ACI before build 5.1.1-71, Acronis Cyber Infrastructure ACI before build 5.2.1-69, Acronis Cyber Infrastructure ACI...

9.8 CVSS · 0.53535 EPSS
Exploits 3 · References 3
Cvelist
added 2024/07/24 2:3 p.m. · 63 views

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.0.1-61, Acronis Cyber Infrastructure ACI before build 5.1.1-71, Acronis Cyber Infrastructure ACI before build 5.2.1-69, Acronis Cyber Infrastructure ACI...

9.8 CVSS · 0.53535 EPSS
Exploits 3 · References 2