15280 matches found
CVE-2024-23636 SOFARPC Remote Command Execution (RCE) Vulnerability
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
PRTG Authenticated Remote Code Execution
class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...
The vulnerability of the SetStaticRouteSettings function in D-Link DIR-822 router software allows a hacker to execute arbitrary commands.
The vulnerability of the SetStaticRouteSettings function in D-Link DIR-822 router firmware exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrar...
VulnCheck KEV: CVE-2020-35713
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page...
The vulnerability of the Yealink Meeting Server lies in the lack of measures taken to neutralize special elements used in the operating system command line. This allows attackers to execute arbitrary commands with root privileges.
The vulnerability of the Yealink Meeting Server exists because measures to neutralize special elements used in the operating system are not taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges remotely...
The vulnerability of the formMapDelDevice() function (boafrm/formMapDelDevice) in the Totolink X2000R router software allows a hacker to execute arbitrary commands.
The vulnerability of the formMapDelDevice function (boafrm/formMapDelDevice) in the Totolink X2000R router software is related to the lack of data cleaning measures at the control level when processing the macstr parameter. Exploiting this vulnerability allows an attacker to execute arbitrary...
WordPress Backup Migration 1.3.7 Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php...
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform exists due to the lack of measures taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a remote attacker to execute...
WordPress Backup Migration 1.3.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Backup Migration Plugin PHP Filter Chain RCE', 'Description' = %q This module exploits an unauth RCE in the WordPress plugin: Backup...
GO-2024-2464 Remote command execution in github.com/0xJacky/Nginx-UI
Remote command execution in github.com/0xJacky/Nginx-UI...
The vulnerability of the popen.cgi (/www/cgi-bin/popen.cgi) implementation of the HWL-2511-SS industrial router’s software allows a perpetrator to execute arbitrary commands.
The vulnerability of the popen.cgi (/www/cgi-bin/popen.cgi) implementation of the HWL-2511-SS industrial router software is related to the lack of data cleaning measures at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2024-4874 · Solarwinds · Solarwinds Access Rights Manager
Name of the Vulnerable Software and Affected Versions: SolarWinds Access Rights Manager (affected versions not specified). Description: The issue is related to the use of dangerous methods or functions in the UserScriptHumster class of the SolarWinds Access Rights Manager. This allows an...
Laravel Deserialization of Untrusted Data Vulnerability
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable)...
The vulnerability of the firmware of TP-Link Archer AX3000, Archer AX5400, and Archer AXE75 routers allows a hacker to execute arbitrary commands.
The vulnerability of TP-Link Archer AX3000, Archer AX5400, and Archer AXE75 Wi-Fi routers exists due to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to incorrect authentication, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to incorrect authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the formDelWlRfPolicy function in the Tenda M3 network access controller software allows an intruder to execute arbitrary commands.
The vulnerability of the formDelWlRfPolicy function in the Tenda M3 network access controller software is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
CVE-2023-52026
TOTOlink EX1800T V9.1.0cu.2112B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnetenabled parameter of the setTelnetCfg interface...
OESA-2024-1050 netdata security update
netdata is the fastest way to visualize metrics. It is a resource efficient, highly optimized system for collecting and visualizing any type of realtime time-series data, from CPU usage, disk activity, SQL queries, API calls, web site visitors, etc. netdata tries to visualize the truth of now, in...
OESA-2024-1051 netdata security update
netdata is the fastest way to visualize metrics. It is a resource efficient, highly optimized system for collecting and visualizing any type of realtime time-series data, from CPU usage, disk activity, SQL queries, API calls, web site visitors, etc. netdata tries to visualize the truth of now, in...