15286 matches found
CVE-2023-43270
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate...
Command injection
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate...
dst-admin Code Injection Vulnerability
dst-admin is a web program written in Java by qinming99, an individual developer. A security vulnerability exists in dst-admin v1.5.0, which is caused by a Remote Command Execution (RCE) vulnerability in the parameter userId of the component /home/playerOperate...
PT-2023-27751 · Unknown · Juplink Rx4-1500
Name of the Vulnerable Software and Affected Versions: Juplink RX4-1500 versions V1.0.2 through V1.0.5 Description: The issue allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint "homemng.htm". This enables attackers to inject command...
The vulnerability of the hybrid cloud management platform Acronis Cloud Manager lies in insufficient validation of input data, allowing arbitrary commands to be executed.
The vulnerability of Acronis Cloud Manager, a platform for managing hybrid clouds, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary commands...
TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.
Multiple TOTOLINK network products contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. After exploitation, an attacker will have full access with the same user privileges under...
The vulnerability in the TP-Link Archer A10 firmware arises from the lack of measures taken to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary operating system commands.
The vulnerability in the TP-Link Archer A10 router's firmware exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary operating system commands...
SMShell - Send Commands And Receive Responses Over SMS From Mobile Broadband Capable Computers
PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers. This tool came as an inspiration during a research on eSIM security implications led by Markus Vervier, presented at Offensivecon 2023. Disclaimer: This is not a complete C2 but rather...
Super Store Finder 3.7 Remote Command Execution Vulnerability
Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...
PT-2023-7787 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the Nagios XI monitoring tool, which fails to properly protect its web page structure when handling input fields $ARG1$ and $ARG2$. This can be exploited by a remo...
The vulnerability of the lxmldbc_system() function in D-Link DIR-859 router software allows a hacker to execute arbitrary commands.
The vulnerability of the lxmldbc_system function in D-Link DIR-859 router firmware is related to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Vulnerability in the landing module of the content management system (CMS) 1C-Bitrix: Website Management that allows an attacker to execute OS commands on a vulnerable node, gain control over resources, and penetrate the internal network.
The vulnerability in the landing module of the CMS "Website Management" is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to remotely execute OS commands on a vulnerable node, gain control over resources, and penetrate th...
Super Store Finder 3.7 Remote Command Execution
Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...
CVE-2023-33831
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...
Design/Logic Flaw
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...