The vulnerability of the tddpd function in the Enable_test_mode firmware of Tp-Link wireless access points Tp-Link AC1350 and Tp-Link N300 allows a hacker to execute arbitrary commands.
The vulnerability of the tddpd function in the Enable_test_mode firmware of Tp-Link AC1350 and Tp-Link N300 wireless access points is related to the activation of functions from an unverified controlled area. Exploiting this vulnerability allows a malicious actor to send arbitrary...
The vulnerability in the Avalanche mobile device management web component allows a hacker to execute arbitrary commands with SYSTEM privileges.
The vulnerability of the Avalanche mobile device management web component is related to an incorrect restriction of a path name to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with SYSTEM privileges remotely...
The vulnerability of the WLInfoRailService component in the Avalanche mobile device management system allows a hacker to execute arbitrary commands.
The vulnerability of the WLInfoRailService component in the Avalanche mobile device management system is related to a heap-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
VulnCheck KEV: CVE-2023-37679
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server...
FlatPress 1.3 Shell Upload
Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 19.04.2024 Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests...
The vulnerability of the Service Port 7329 component of the Tenda AC23 firmware allows a hacker to execute arbitrary commands.
The vulnerability of the Service Port 7329 component of the Tenda AC23 router firmware lies in insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the WLInfoRailService component in the Avalanche mobile device management system allows a hacker to execute arbitrary commands.
The vulnerability of the WLInfoRailService component in the Avalanche mobile device management system is related to a stack-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Quick.cgi file allows attackers to execute arbitrary commands on QTS, QuTS hero, and QuTScloud operating systems for network devices from Qnap.
The vulnerability of the Quick.cgi file exists in operating systems such as QTS, QuTS Hero, and QuTScloud, as well as in networking devices from Qnap. This vulnerability stems from the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this...
PT-2024-5388 · Duckdb +2
Name of the Vulnerable Software and Affected Versions: Vanna version 0.3.4 Description: The issue is related to the Vanna framework's web interface, specifically with its integration of DuckDB and Flask Web APIs. It allows for SQL injection, enabling attackers to inject malicious SQL training dat...
The vulnerability of the Dell vApp Manager software, which manages data storage devices like Dell PowerMax EEM, and the Dell Unisphere for PowerMax Virtual Appliance and Solutions Enabler Virtual Appliance, allows a malicious individual to execute arbitrary commands.
The vulnerability of the Dell vApp Manager software, which manages data storage of Dell PowerMax EEM, and the Dell Unisphere for PowerMax Virtual Appliance and Solutions Enabler Virtual Appliance, exists due to the failure to address the special elements used in the operating system’s command set...
CVE-2023-33806
Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 allow attackers to execute arbitrary commands...
Lenovo SMM/SMM2/FPC Security Vulnerability
Lenovo SMM/SMM2/FPC is an application from Lenovo China. A security vulnerability exists in Lenovo SMM/SMM2/FPC that stems from a format string vulnerability. An attacker can use this vulnerability to execute arbitrary commands on specific API endpoints...
OESA-2024-1435 pcp security update
PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A flaw was found in PCP. The default pmproxy configuration expose...
PopojiCMS Version 2.0.1 - Remote Command Execution
Exploit Title: PopojiCMS Version : 2.0.1 Remote Command Execution Date: 27/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...
PopojiCMS Version 2.0.1 - Remote Command Execution Vulnerability
Exploit Title: PopojiCMS Version : 2.0.1 Remote Command Execution Exploit Author: tmrswrr Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on: https://www.softaculous.com/apps/cms/PopojiC...
WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)
Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Date: 30/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1...
VulnCheck KEV: CVE-2022-47945
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...
CHAOS RAT 5.0.1 Remote Command Execution
Exploit Title: CHAOS RAT v5.0.1 RCE Date: 2024-04-05 Exploit Author: @chebuya Software Link: https://github.com/tiagorlampert/CHAOS Version: v5.0.1 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-30850, CVE-2024-31839 Description: The CHAOS RAT web panel is vulnerable to command injection, which can be...
The vulnerability of the pmproxy component in the monitoring and performance visualization software Performance Co-Pilot (PCP) allows a hacker to execute arbitrary commands.
The vulnerability of the pmproxy component in the Performance Co-Pilot (PCP) monitoring and performance visualization software relates to the disclosure of information in the erroneous data area. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...