15286 matches found
CVE-2023-29944
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...
Command injection
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1sortby parameter to modules/News/function.adminarticlestab.php...
CVE-2023-29944
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...
CVE-2023-29944
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...
PT-2023-22493 · Unknown · Metersphere
Name of the Vulnerable Software and Affected Versions: Metersphere version 1.20.20-lts-79d354a6 Description: The issue allows for Remote Command Execution. An attacker can execute system commands, including reverse-shell, by exploiting the custom code snippet function in the Metersphere system...
CVE-2023-29944
CVE-2023-29944 affects MeterSphere v1.20.20-lts-79d354a6. The vulnerability is a remote command execution in the custom code snippet function of the system workbench, allowing an attacker to run system commands (e.g., reverse shells). The CVE documents list a high impact with network access, no p...
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal) Exploit
Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...
The vulnerability of the Virtual Delivery Agent (VDA) software, used for virtualizing and delivering Citrix Virtual Apps and Desktops (formerly XenApp and XenDesktop), on Windows operating systems, allows a malicious individual to escalate their privileges and execute arbitrary commands.
The vulnerability of the Virtual Delivery Agent VDA software for virtualizing and delivering Citrix Virtual Apps and Desktops formerly XenApp and XenDesktop on Windows operating systems is related to deficiencies in access control when using a multi-user mode. Exploiting this vulnerability can...
CVE-2023-28742
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Design/Logic Flaw
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-28742
CVE-2023-28742 describes an authenticated remote command execution vulnerability in the BIG-IP DNS iQuery mesh when DNS is provisioned. The issue allows an attacker with network access to the DNS iQuery mesh (via the BIG-IP management port and/or self IPs) to execute arbitrary system commands thr...
CVE-2023-28742 BIG-IP iQuery mesh vulnerability
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K000132972: BIG-IP iQuery mesh vulnerability CVE-2023-28742
Security Advisory Description When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. CVE-2023-28742 Impact This vulnerability may allow an authenticated attacker with network access to the DNS iQuery mesh through the BIG-IP management port and/...
PT-2023-21932 · Unknown · Dns Iquery Mesh
Name of the Vulnerable Software and Affected Versions: DNS iQuery mesh affected versions not specified Description: A remote command execution issue exists when DNS is provisioned, allowing authenticated attackers to execute commands. The issue is related to the DNS iQuery mesh. Recommendations: ...
The vulnerability of the zhttpd component in the libclinkc.so library of the ZyXEL DX5401-B0 router’s software allows a malicious actor to execute certain operating system commands remotely.
The vulnerability of the zhttpd component in the libclinkc.so library of the ZyXEL DX5401-B0 router microprogramming system is related to the possibility of buffer overflow in memory. Exploiting this vulnerability could allow a remote attacker to execute certain commands on the operating system...
CVE-2023-30944
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...
The vulnerability of the command-line interface (CLI) of Cisco Aironet Access Point software allows a attacker to execute arbitrary commands or cause service interruptions.
The vulnerability of the command-line interface CLI of Cisco Aironet Access Point microprogramming software exists because measures to neutralize the special elements used in the operating system command are not taken. Exploiting this vulnerability can allow an attacker to execute arbitrary...
The vulnerability of the warn-proceed handler component of the Sophos Web Appliance (SWA) security and management device allows a perpetrator to execute arbitrary commands.
The vulnerability of the warn-proceed handler component of the Sophos Web Appliance SWA security and management device for web devices is related to the lack of measures to sanitize input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...