15280 matches found
The vulnerability of the _nginxCmd() function of the Nginx web server control software, specifically the strong-nginx-controller, allows attackers to execute arbitrary commands.
The vulnerability in the _nginxCmd() function of the Nginx web server control software exists because special elements are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
VulnCheck KEV: CVE-2023-33831
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...
The vulnerability of the /backup.pl component of the EasyNAS operating system’s network storage solution, allowing a hacker to execute arbitrary commands.
The vulnerability in the /backup.pl component of the EasyNAS operating system exists because the special elements used in an operating system command line are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the interfaces_gif_edit.php and interfaces_gre_edit.php components of the software network interface card based on the FreeBSD Netgate pfSense operating system allows a hacker to execute arbitrary commands.
The vulnerability in the interfaces_gif_edit.php and interfaces_gre_edit.php components of the software network interface layer based on the FreeBSD Netgate pfSense operating system exists because special elements are not neutralized. Exploiting this vulnerability allows a...
F5 BIG-IP TMUI AJP Smuggling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...
MagnusBilling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'MagnusBilling application unauthenticated Remote Command Execution.', 'Description' = %q A Command Injection vulnerabilit...
MagnusBilling Remote Command Execution Exploit
This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec...
VulnCheck KEV: CVE-2017-18378
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system through $tmpuploaddir, leading to upgradehandle.php?cmd=writeuploaddir remote command execution...
The vulnerability of the QTS operating system, the Media Streaming application for streaming multimedia files, and the Multimedia Console on QNAP devices allows a perpetrator to execute arbitrary commands.
The vulnerability of the QTS operating system, the Media Streaming application for streaming multimedia files, and the Multimedia Console on QNAP devices is related to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
Apache RocketMQ < 4.9.7 / 5.x < 5.1.2 RCE (CVE-2023-37582)
The RocketMQ NameServer component still has a remote command execution vulnerability, as the CVE-2023-33246 issue was not completely fixed in version 4.9.6 / 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
PT-2023-7057
Name of the Vulnerable Software and Affected Versions: Quantum HD Unity products (affected versions not specified); Quantum HD Unity Compressor (affected versions not specified); Quantum HD Unity AcuAir (affected versions not specified); Quantum HD Unity Engine Room (affected versions not specified); Quantum ...
command injection in scp.c
The scp functionality in OpenSSH is vulnerable to command injection via backtick characters in the destination argument. The command will be run with the permissions of the user with which the files were copied on the remote server. To exploit this issue an attacker must manipulate a system...
Command execution vulnerability in the QuTS hero, QTS, and QuTScloud operating systems for network devices that allows attackers to execute arbitrary commands
The vulnerability in the QuTS hero, QTS, and QuTScloud operating systems for network devices is related to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
Cisco IOS XE Unauthenticated Remote Command Execution (CVE-2023-20198) (Direct Check)
Binary data ciscoiosxeCVE-2023-20198directcheck.nbin...
GHSA-2X28-C7J7-23GV Subrion remote command execution vulnerability
Subrion 4.2.1 has a remote command execution vulnerability in the backend...
Subrion remote command execution vulnerability
Subrion 4.2.1 has a remote command execution vulnerability in the backend...
CVE-2023-46947
Subrion 4.2.1 has a remote command execution vulnerability in the backend...
CVE-2023-46947
Subrion 4.2.1 has a remote command execution vulnerability in the backend...
Design/Logic Flaw
Subrion 4.2.1 has a remote command execution vulnerability in the backend...
PT-2023-6738 · Qnap · Qts +2
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.0.1.2376 build 20230421; QTS versions prior to 4.5.4.2374 build 20230416; QuTS hero versions prior to h5.0.1.2376 build 20230421; QuTS hero versions prior to h4.5.4.2374 build 20230417; QuTScloud versions prior to...