15257 matches found

NVD
added 2025/08/13 9:15 p.m. · 2 views

CVE-2011-10017

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · EPSS 0.75792
Exploits 0 · References 4
NVD
added 2025/08/13 9:15 p.m. · 4 views

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 · EPSS 0.79644
Exploits 1 · References 5
Vulnrichment
added 2025/08/13 8:53 p.m. · 1 view

CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 · AI score 8.2 · EPSS 0.79644
Exploits 1 · References 5
ATTACKERKB
added 2025/08/13 8:53 p.m. · 0 views

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 · AI score 6.2 · EPSS 0.79644
Exploits 1 · References 5
Cvelist
added 2025/08/13 8:53 p.m. · 7 views

CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVSS 10 · EPSS 0.79644
Exploits 1 · References 5
Cvelist
added 2025/08/13 8:53 p.m. · 7 views

CVE-2011-10017 Snort Report nmap.php/nbtscan.php RCE

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · EPSS 0.75792
Exploits 0 · References 4
CVE
added 2025/08/13 8:53 p.m. · 22 views

CVE-2011-10017

Snort Report is vulnerable in versions prior to 1.3.2 due to improper sanitization in the nmap.php and nbtscan.php scripts. The vulnerability allows remote command execution via the target GET parameter with no authentication, potentially resulting in full system compromise. Public reports and CV...

CVSS 10 · AI score 7.6 · EPSS 0.75792
Exploits 0 · References 4
ATTACKERKB
added 2025/08/13 8:53 p.m. · 3 views

CVE-2011-10017

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · AI score 6.1 · EPSS 0.75792
Exploits 0 · References 4
Vulnrichment
added 2025/08/13 8:53 p.m. · 2 views

CVE-2011-10017 Snort Report nmap.php/nbtscan.php RCE

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · AI score 7.6 · EPSS 0.75792
Exploits 0 · References 4
CNVD
added 2025/08/13 12:00 a.m. · 1 view

NVIDIA Triton Inference Server HTTP Service Input Validation Vulnerability

Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. An input...

CVSS 9.8 · AI score 7.6 · EPSS 0.04875
Exploits 0 · References 1
CISA KEV Catalog
added 2025/08/13 12:00 a.m. · 10 views

N-able N-Central Insecure Deserialization Vulnerability

N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution...

CVSS 9.4 · AI score 7.5 · EPSS 0.0376
In wild · Exploits 1
CNNVD
added 2025/08/13 12:00 a.m. · 2 views

Spree Commerce Security Vulnerability

Spree Commerce is an e-commerce platform from Spree Open Source. A security vulnerability exists in Spree Commerce versions prior to 0.60.2 that stems from the search function not cleaning up inputs, which could lead to remote command execution...

CVSS 10 · AI score 7 · EPSS 0.79644
Exploits 1 · References 8
Positive Technologies
added 2025/08/13 12:00 a.m. · 4 views

PT-2025-33088 · Unknown · Spree Commerce

Name of the Vulnerable Software and Affected Versions: Spreecommerce versions prior to 0.60.2. Description: Spreecommerce versions prior to 0.60.2 contain a remote command execution issue in the search functionality. The application does not properly sanitize input passed via the searchsend...

CVSS 10 · AI score 7.7 · EPSS 0.79644
Exploits 1 · References 8
CNNVD
added 2025/08/13 12:00 a.m. · 2 views

Snort Report Security Vulnerability

Snort Report is an inspection report management system from the Snort team. A security vulnerability exists in Snort Report versions prior to 1.3.2 that stems from the nmap.php and nbtscan.php scripts not being cleaned of user input, which could lead to remote command execution...

CVSS 10 · AI score 6.9 · EPSS 0.75792
Exploits 0 · References 5
OSV
added 2025/08/12 12:13 a.m. · 6 views

GHSA-Q355-H244-969H Komari vulnerable to Cross-site WebSocket Hijacking

Summary: WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Details: https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.go#L33-L35 Any third party website can send request...

CVSS 8.6 · AI score 7.7 · EPSS 0.00837
Exploits 0 · References 5
GitHub Security Blog
added 2025/08/12 12:13 a.m. · 9 views

Komari vulnerable to Cross-site WebSocket Hijacking

Summary: WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Details: https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.go#L33-L35 Any third party website can send request...

AI score 7.7
Exploits 0 · References 5 · Affected Software 1
Tenable Nessus
added 2025/08/12 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-52138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve...

CVSS 9.6 · AI score 8.3 · EPSS 0.0253
Exploits 1 · References 2
OSV
added 2025/08/11 5:24 p.m. · 3 views

GO-2025-3844 RatPanel can perform remote command execution without authorization in github.com/tnborg/panel in github.com/TheTNB/panel

RatPanel can perform remote command execution without authorization in github.com/tnborg/panel in github.com/TheTNB/panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

CVSS 7.7 · AI score 7.3 · EPSS 0.02299
Exploits 0 · References 6
OSV
added 2025/08/08 7:32 p.m. · 5 views

GHSA-2VCF-QXV3-2MGW Craft CMS has a theoretical bypass for CVE-2025-23209

Pre-requisites: Have a compromised security key (https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret). Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...

CVSS 7.7 · AI score 9.8 · EPSS 0.1639
Exploits 1 · References 5
BDU FSTEC
added 2025/08/08 12:00 a.m. · 2 views

The vulnerability in the pppoe.cgi script of Netgear DGN2200B router software allows a hacker to execute arbitrary commands.

The vulnerability of the pppoe.cgi script of the Netgear DGN2200B router operating system is related to the failure to take measures to neutralize special elements used in the operating system when processing the pppoeusername parameter. Exploiting this vulnerability allows a remote attacker to...

CVSS 9.1 · AI score 5.9 · EPSS 0.80473
Exploits 1 · References 6 · Affected Software 1