CVE-2023-23355 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following...
Xiaomi router access control error vulnerability
Xiaomi router is a series of wireless routers from Chinese company Xiaomi. A security vulnerability exists in firmware version 2020 of the Xiaomi router, which stems from the lack of access control policies on some API interfaces, which could lead to WIFI password leakage and allow attackers to...
Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution Exploit
Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows...
Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE)
Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Date: 11/08/2022 Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Window...
DataEase injection vulnerability
DataEase is an open source data visualization and analysis tool, used to help users quickly analyze data and gain insight into business trends so as to achieve business improvement and optimization. An injection vulnerability exists in DataEase version 1.18.4 and earlier versions. An attacker...
PT-2023-8672 · Unknown · Osprey Pump Controller
Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue is related to the lack of verification for HTTP requests, which may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious...
Hashicorp Consul v1.0 - Remote Command Execution Exploit
Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit to gain a reverse shell on Remote Command Execution via API References: https://www.consul.io/api/agent/service.html Tested on:...
SolarWinds Information Service (SWIS) Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/amqp/version091' class MetasploitModule 'SolarWinds Information Service SWIS .NET Deserialization From AMQP RCE', 'Description' = %q The SolarWinds...
A vulnerability in the crypt_64bit_up/down() function in the Telnet service of the Netgear Orbi RBR750 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the crypt_64bit_up/down function in the Telnet service of the Netgear Orbi RBR750 router firmware is related to the presence of hidden functionality when using the Blowfish cryptographic algorithm. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
A vulnerability in the TP-Link MR3020 router firmware, related to the lack of measures to sanitize data at the control level, allows attackers to execute arbitrary commands.
The vulnerability in the TP-Link MR3020 router firmware is related to the lack of measures to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially crafted TFTP request to the destination...
Hashicorp Consul 1.0 Remote Command Execution
Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Date: 26/10/2022 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit to gain a reverse shell on Remote Command Execution via API References:...
Hashicorp Consul v1.0 - Remote Command Execution (RCE)
Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Date: 26/10/2022 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit to gain a reverse shell on Remote Command Execution via API References:...
Webgrind 1.1 Cross Site Scripting / Remote Code Execution
Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 1...
Human Resources Management System v1.0 - Multiple SQL injection Vulnerability
Exploit Title: Human Resources Management System v1.0 - Multiple SQLi Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software...
WebTareas 2.4 - Remote Command Execution (Authorized) Vulnerability
Exploit Title: WebTareas 2.4 - RCE Authorized Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on: Windows 10 using XAMPP, Apache/2.4.4...
Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution Vulnerability
Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 10 using XAMPP Vulnerability...
PT-2023-7473 · Ubiquiti · Ubiquiti Edgerouter X
Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 Description: The issue exists due to insufficient input validation in the NAT Configuration Handler component of the Ubiquiti EdgeRouter's firmware, potentially allowing a remote attacker to execut...
Bitbucket 7.0.0 Remote Command Execution
Exploit Title: Bitbucket v7.0.0 - RCE Date: 09-23-2022 Exploit Author: khal4n1 Vendor Homepage: https://github.com/khal4n1 Tested on: Kali and ubuntu LTS 22.04 CVE : cve-2022-36804 The following exploit is used to exploit a vulnerability present in Atlassian Bitbucket Server and Data Center 7.0.0...
A vulnerability in the formWriteFacMac function in the Tenda AC1206 router software allows an attacker to execute arbitrary commands.
The vulnerability in the formWriteFacMac function in the Tenda AC1206 router firmware is related to the lack of measures to sanitize data at the control level. Exploiting this vulnerability can allow an attacker operating remotely to execute arbitrary commands...
A vulnerability in the application software interface of MXSecurity, a software platform for managing security in industrial networks, allows an attacker to execute arbitrary commands.
The vulnerability in the application software interface of the MXSecurity software platform for managing security in industrial networks is related to the lack of measures to sanitize data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary...