Exploit for Missing Authentication for Critical Function in Veeam Backup & Replication
PoC exploit for CVE-2023-27532, a vulnerability in Veeam Backup...
PT-2023-7478 · Unknown · Osprey Pump Controller
Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue exists due to the failure to neutralize special elements in the DataLogView.php, EventsView.php, and AlarmsView.php scripts of the Osprey Pump Controller software. This allows a remot...
CVE-2022-28496
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 was discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpass parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2023-27874
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845...
PT-2023-2286 · NetGear · Netgear Orbi Satellite Rbs750
Name of the Vulnerable Software and Affected Versions: Netgear Orbi Satellite RBS750 version 4.6.8.5 Description: A command execution vulnerability exists in the ubus backend communications functionality. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can sen...
Human Resources Management System 1.0 SQL Injection
Exploit Title: Human Resources Management System - HRM - Multiple SQLi Date: 16/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...
Human Resources Management System 1.0 SQL Injection Vulnerability
Exploit Title: Human Resources Management System - HRM - Multiple SQLi Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software...
VulnCheck KEV: CVE-2018-15133
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (the APP_KEY environment variable)...
The vulnerability of the command-line interface of ArubaOS systems allows a hacker to execute arbitrary commands.
The vulnerability of the command-line interface of ArubaOS systems is related to the lack of measures for sanitizing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2023-9802 · Draytek · Draytek Vigor2960
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2960 version 1.5.1.4 Description: The issue allows an authenticated attacker with network access to the web management interface to inject operating system commands via the parameter parameter in the mainfunction.cgi component...
CVE-2023-25617
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
PYSEC-2023-315
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
CVE-2023-25617 OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
Internet Bug Bounty: CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution
An improper input validation vulnerability was discovered in the Apache Airflow Google Provider, affecting versions before 8.10.0. Attackers could modify existing connection configuration information to execute malicious commands or create arbitrary files, leading to denial of service...
Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution
An improper input validation vulnerability was discovered in Apache Airflow Google Provider before version 8.10.0, which could allow an attacker to execute remote commands on the victim's machine by modifying the existing connection configuration information. The vulnerability was discovered by X...
The vulnerability in the firmware of the SolarView Compact device, which is used for measuring solar energy, data display, and storage, stems from the lack of measures to sanitize incoming data. This allows a malicious individual to execute arbitrary commands.
The vulnerability in the firmware of the SolarView Compact device, which is used for measuring solar energy, data display, and storage, stems from the lack of measures to sanitize incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary command...
The vulnerability in the web interface of ArubaOS operating systems exists due to the lack of measures taken to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability in the web interface of ArubaOS operating systems exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the firmware of the Huawei BiSheng-WNM printer lies in the lack of measures to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability in the firmware of the Huawei BiSheng-WNM printer is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by transmitting specially...
The vulnerability of D-Link DCS-930L Wi-Fi cameras lies in the lack of measures taken to neutralize special elements used in the operating system’s command structure. This allows intruders to execute arbitrary commands.
The vulnerability of D-Link DCS series Wi-Fi cameras exists due to the lack of measures taken to neutralize special elements used in the operating system’s command structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...