15280 matches found

Packet Storm
added 2024/05/20 12:0 a.m. · 346 views

Backdrop CMS 1.27.1 Remote Command Execution

Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution (RCE) | Date: 04/27/2024 | Exploit Author: Ahmet Ümit BAYRAM | Vendor Homepage: https://backdropcms.org/ | Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip | Version: latest | Tested on: MacOS | import os impor...

7.4 AI score
Exploits: 0
0day.today
added 2024/05/19 12:0 a.m. · 287 views

Backdrop CMS 1.27.1 - Remote Command Execution Exploit

Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution (RCE) | Exploit Author: Ahmet Ümit BAYRAM | Vendor Homepage: https://backdropcms.org/ | Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip | Version: latest | Tested on: MacOS | import os import time import...

7.4 AI score
Exploits: 0
0day.today
added 2024/05/19 12:0 a.m. · 215 views

PopojiCMS 2.0.1 - Remote Command Execution Exploit

Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution | Exploit Author: Ahmet Ümit BAYRAM | Vendor Homepage: https://www.popojicms.org/ | Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip | Version: Version : 2.0.1 | Tested on:...

7.4 AI score
Exploits: 0
Exploit DB
added 2024/05/19 12:0 a.m. · 1528 views

Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)

Exploit Title: Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE) | Date: 04/27/2024 | Exploit Author: Ahmet Ümit BAYRAM | Vendor Homepage: https://backdropcms.org/ | Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip | Version: latest | Tested on: MacOS...

7.4 AI score
Exploits: 0
Exploit DB
added 2024/05/19 12:0 a.m. · 319 views

PopojiCMS 2.0.1 - Remote Command Execution (RCE)

Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution | Date: 14/04/2024 | Exploit Author: Ahmet Ümit BAYRAM | Vendor Homepage: https://www.popojicms.org/ | Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip | Version: Version : 2.0.1 | Tested on:...

7.4 AI score
Exploits: 0
GithubExploit
added 2024/05/18 1:39 a.m. · 404 views

Exploit for CVE-2023-4596

CVE-2023-4596

9.8 CVSS · 9.8 AI score · 0.12749 EPSS
Exploits: 3
OSV
added 2024/05/17 11:8 a.m. · 2 views

OESA-2024-1589 engrampa security update

Mate File Archiver is an application for creating and viewing archive files, such as zip, xv, bzip2, cab, rar and other compressed formats. Security Fixes: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be...

9.6 CVSS · 7.1 AI score · 0.01652 EPSS
Exploits: 1 · References: 2
NVD
added 2024/05/16 4:15 p.m. · 24 views

CVE-2023-48643

Shrubbery tac_plus 2.x, 3.x, and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a...

9.8 CVSS · 9.7 AI score · 0.01096 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/05/16 4:14 p.m. · 21 views

CVE-2023-48643

Shrubbery tac_plus 2.x, 3.x, and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a...

7.7 AI score · 0.01096 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/05/16 4:14 p.m. · 41 views

CVE-2023-48643

Shrubbery tac_plus 2.x, 3.x, and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a...

9.8 AI score · 0.01096 EPSS
Exploits: 0 · References: 1
CVE
added 2024/05/16 4:14 p.m. · 112 views

CVE-2023-48643

CVE-2023-48643 affects Shrubbery tac_plus 2.x, 3.x, and 4.x up to F4.0.4.28. The issue arises when pre-auth or post-auth checks are configured as shell commands in tac_plus.cfg; strings from TACACS+ packets are used as command arguments, allowing injection that leads to unauthenticated remote com...

9.8 CVSS · 9.5 AI score · 0.01096 EPSS
Exploits: 0 · References: 1
NVD
added 2024/05/16 1:15 p.m. · 11 views

CVE-2024-4999

A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges. This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller:...

9.4 CVSS · 7.3 AI score · 0.12164 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2024/05/16 12:0 a.m. · 5 views

The vulnerability of the disconnectVPN function in the firmware for TOTOLINK X5000R allows a hacker to execute arbitrary commands.

The vulnerability of the disconnectVPN function in the firmware for TOTOLINK X5000R lies in the lack of measures to protect input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

7.5 CVSS · 5.9 AI score · 0.09253 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2024/05/16 12:0 a.m. · 4 views

PT-2024-33828 · Ligowave · Ligowave Pro +3

Name of the Vulnerable Software and Affected Versions: Ligowave UNITY versions through 6.95-2; Ligowave PRO versions through 6.95-1.Rt3883; Ligowave MIMO versions through 6.95-1.Rt2880; Ligowave APC Propeller versions through 2-5.95-4.Rt3352. Description: A vulnerability in the web-based management...

9.4 CVSS · 8.2 AI score · 0.12164 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2024/05/16 12:0 a.m. · 5 views

PT-2024-13615 · Shrubbery · Tac Plus

Name of the Vulnerable Software and Affected Versions: Shrubbery tac plus versions 2.x through 4.x and versions up to F4.0.4.28. Description: The issue allows unauthenticated Remote Command Execution. It is caused by the product's ability to configure authorization checks as shell commands through...

9.8 CVSS · 8 AI score · 0.01096 EPSS
Exploits: 0 · References: 8
BDU FSTEC
added 2024/05/16 12:0 a.m. · 3 views

The vulnerability of the “register_argc_argv” option in the Cacti network monitoring software allows a hacker to execute arbitrary commands.

The vulnerability of the Cacti network monitoring software’s register_argc_argv option is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by injecting a specially crafted URL address...

10 CVSS · 7 AI score · 0.94378 EPSS
Exploits: 4 · References: 6
BDU FSTEC
added 2024/05/15 12:0 a.m. · 4 views

The vulnerability of the runtime.pingTest() function in Linksys E5600 router firmware allows a hacker to execute arbitrary commands.

The vulnerability of the runtime.pingTest function in Linksys E5600 router firmware is related to the lack of measures taken to neutralize special elements used in the OS command when processing the ipurl parameter. Exploiting this vulnerability allows a remote attacker to execut...

10 CVSS · 5.9 AI score · 0.02383 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
NVD
added 2024/05/14 4:17 p.m. · 16 views

CVE-2024-32352

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary...

8.8 CVSS · 7.2 AI score · 0.02175 EPSS
Exploits: 1 · References: 2
OSV
added 2024/05/14 4:17 p.m. · 3 views

CVE-2024-32352

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary...

8.8 CVSS · 5.9 AI score · 0.02175 EPSS
Exploits: 1 · References: 2
OSV
added 2024/05/14 4:17 p.m. · 3 views

CVE-2024-32351

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary...

8.8 CVSS · 6 AI score · 0.02175 EPSS
Exploits: 1 · References: 2