
15257 matches found

NVD
added 2025/09/09 9:15 p.m. | 5 views

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...

CVSS 9.8 | EPSS 0.00416 | Exploits 0 | References 2
Vulnrichment
added 2025/09/09 2:11 a.m. | 1 view

CVE-2025-42944 Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting a malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...

CVSS 10 | AI score 6.6 | EPSS 0.00416 | Exploits 1 | References 4
CNNVD
added 2025/09/09 12:00 a.m. | 1 view

FTP-Flask-python security vulnerability

FTP-Flask-python is a Python library by the individual developer Ajay Pandurang Paratmandali. A security vulnerability exists in FTP-Flask-python 5173b68 and earlier versions, which stems from the ftpfile parameter not being sanitized or escaped and could lead to remote command execution...

CVSS 9.8 | AI score 7 | EPSS 0.00416 | Exploits 0 | References 3
Japan Vulnerability Notes
added 2025/09/05 5:53 a.m. | 4 views

Multiple vulnerabilities in TkEasyGUI

Overview: TkEasyGUI provided by kujirahand contains multiple vulnerabilities listed below: OS command injection (CWE-78) - CVE-2025-55037; Uncontrolled search path element (CWE-427) - CVE-2025-55671. Satoki Tsuji of Ikotas Labs, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the...

CVSS 9.8 | AI score 8 | EPSS 0.00379 | Exploits 0 | References 6
CNVD
added 2025/09/04 12:00 a.m. | 3 views

Baidu.com Windows Client Remote Command Execution Vulnerability

BaiduNetdisk is a cloud-based platform that provides file storage, synchronization and sharing services. Users can store their personal files through BaiduNetdisk and can share files by linking or inviting others. BaiduNetdisk also provides a file synchronization feature that allows...

AI score 7.5 | Exploits 0 | References 1
CNNVD
added 2025/09/04 12:00 a.m. | 2 views

Progress Software OpenEdge command injection vulnerability

Progress Software OpenEdge is a suite of integrated development environments (IDEs) from Progress Software, USA. A command injection vulnerability exists in Progress Software OpenEdge that stems from insufficient input validation of the Java RMI interface, which could lead to a remote command...

CVSS 8.4 | AI score 7.6 | EPSS 0.00383 | Exploits 0 | References 1
Tenable Nessus
added 2025/09/04 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2005-10004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell...

CVSS 8.8 | AI score 6.2 | EPSS 0.5798 | Exploits 1 | References 2
Tenable Nessus
added 2025/09/03 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-50636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyMOL 2.5.0 contains a vulnerability in its Run Script function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can...

CVSS 9.8 | AI score 6.2 | EPSS 0.06957 | Exploits 0 | References 2
Tenable Nessus
added 2025/09/03 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-15041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.8.4 and 1.9.x before 1.9.1 allows go get remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1...

CVSS 9.8 | AI score 7.6 | EPSS 0.02363 | Exploits 0 | References 2
Tenable Nessus
added 2025/09/02 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-25592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

CVSS 9.8 | AI score 8.1 | EPSS 0.44938 | Exploits 3 | References 2
NVD
added 2025/09/01 4:15 p.m. | 2 views

CVE-2025-57799

StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server...

CVSS 8.7 | EPSS 0.01265 | Exploits 0 | References 2
OSV
added 2025/09/01 3:46 p.m. | 3 views

CVE-2025-57799 StreamVault can perform remote command execution

StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server...

CVSS 8.7 | AI score 8 | EPSS 0.01265 | Exploits 0 | References 4
Cvelist
added 2025/09/01 3:46 p.m. | 7 views

CVE-2025-57799 StreamVault can perform remote command execution

StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server...

CVSS 8.7 | EPSS 0.01265 | Exploits 0 | References 2
Vulnrichment
added 2025/09/01 3:46 p.m. | 1 view

CVE-2025-57799 StreamVault can perform remote command execution

StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server...

CVSS 8.7 | AI score 7.5 | EPSS 0.01265 | Exploits 0 | References 2
CVE
added 2025/09/01 3:46 p.m. | 10 views

CVE-2025-57799

CVE-2025-57799 relates to StreamVault, a multi-platform video parsing/downloading tool. Affects versions prior to 250822 where an attacker can modify system parameters, craft and execute commands, enabling remote command execution and potential server privilege gain. Patch released in 250822. In ...

CVSS 8.7 | AI score 7.5 | EPSS 0.01265 | Exploits 0 | References 2
RedhatCVE
added 2025/09/01 2:16 p.m. | 3 views

CVE-2009-20010

Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate...

CVSS 9.3 | AI score 8 | EPSS 0.64748 | Exploits 0 | References 1
NVD
added 2025/09/01 6:15 a.m. | 2 views

CVE-2025-54857

An improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If exploited, a remote unauthenticated attacker may execute arbitrary OS commands with root privileges...

CVSS 9.8 | EPSS 0.00405 | Exploits 0 | References 2
RedhatCVE
added 2025/08/30 6:16 p.m. | 4 views

CVE-2024-13980

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 | AI score 7.6 | EPSS 0.02906 | Exploits 0 | References 1
NVD
added 2025/08/30 2:15 p.m. | 2 views

CVE-2009-20011

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as t...

CVSS 10 | EPSS 0.64072 | Exploits 0 | References 5
NVD
added 2025/08/30 2:15 p.m. | 2 views

CVE-2009-20010

Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate...

CVSS 9.3 | EPSS 0.64748 | Exploits 0 | References 5