
14193 matches found

CNNVD
added 2025/12/30 12:00 a.m., 2 views

MiniDVBLinux Security Vulnerability

MiniDVBLinux is a multimedia center software from the German company MiniDVBLinux. A security vulnerability exists in MiniDVBLinux version 5.4, which originates from a command GET parameter that allows an unauthenticated attacker to execute arbitrary commands, potentially resulting in remote...

CVSS 9.8, AI score 7.7, EPSS 0.00457
Exploits: 3, References: 3

CVE
added 2025/12/30 12:00 a.m., 11 views

CVE-2025-66848

CVE-2025-66848 affects JD Cloud NAS routers: AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier). The vulnerability is an unauthorized remote comman...

CVSS 9.8, AI score 7, EPSS 0.00302
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2025/12/30 12:00 a.m., 3 views

PT-2025-54241

Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier. Description: The software contains an authenticated command injection issue in the www-data-handler.php script. Attackers can inject system commands through the services POST parameter...

CVSS 8.8, AI score 7.8, EPSS 0.00557
Exploits: 2, References: 8

GithubExploit
added 2025/12/28 6:40 p.m., 197 views

Exploit for Code Injection in Xwiki

CVE-2025-24893 – XWiki Remote Command Execution Proof of Conc...

CVSS 9.8, AI score 8.2, EPSS 0.93701
Exploits: 49

OSV
added 2025/12/28 1:44 a.m., 1 view

MAL-2025-192953 Malicious code in aiogram-types-v3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6ba04e944f1dfda1aaa2d571fa79cd8ce4074a106bae228e582473226810baf During installation or importing the module, the package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly...

AI score 7.6
Exploits: 0, References: 1

EUVD
added 2025/12/26 6:30 p.m., 4 views

EUVD-2005-4893

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

CVSS 8.8, AI score 6.7, EPSS 0.5798
Exploits: 1, References: 7

OSSF Malicious Packages
added 2025/12/26 4:33 a.m., 4 views

Malicious code in aiogram-3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3d8dac0d1eb98dbfc0fe46cabeadb550699f5e41b5d033ded073f7572f450bf7 During installation or importing the module, the package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly...

AI score 7.7
Exploits: 0, References: 1

Vulnrichment
added 2025/12/24 7:27 p.m., 1 view

CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...

CVSS 8.8, AI score 7.8, EPSS 0.00914
Exploits: 2, References: 3

GithubExploit
added 2025/12/24 3:22 p.m., 129 views

riello-multiple-vulnerabilities-2025

Riello UPS with NetMan 208 - Vulnerability Disclosure During...

AI score 7.4
Exploits: 0

GithubExploit
added 2025/12/23 9:54 a.m., 125 views

Exploit for Code Injection in Laravel Livewire

Livepyre A tool designed to exploit CVE-2025-54068 an...

CVSS 9.8, AI score 5.8, EPSS 0.58885
Exploits: 5

Redos
added 2025/12/23 12:00 a.m., 4 views

ROS-20251223-7314

A vulnerability in the Snapshot/Restore commands of the AdminServer component of Apache ZooKeeper, the centralized service for maintaining configuration information, naming, providing distributed synchronization, and provisioning group services, is related to incorrect handling of insufficient...

CVSS 4.3, AI score 7.7, EPSS 0.00112
Exploits: 0

CNNVD
added 2025/12/22 12:00 a.m., 1 view

Sound4 IMPACT OS Command Injection Vulnerability

Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. An OS command injection vulnerability exists in Sound4 IMPACT v2.x. The vulnerability stems from an OS command injection in the password parameter, which could lead to remote command execution...

CVSS 9.8, AI score 7.8, EPSS 0.02612
Exploits: 2, References: 5

Securelist
added 2025/12/19 8:00 a.m., 6 views

Yet another DCOM object for lateral movement

Introduction: If you're a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well-defended environments. One common technique for remote command execution has been the use of DCOM objects. Over the years, many different DCOM objects have been...

AI score 7.2
Exploits: 0

Saint
added 2025/12/19 12:00 a.m., 129 views

HPE OneView id-pools command execution

Added: 12/19/2025. Background: HPE OneView is integrated IT infrastructure management software. Problem: A vulnerability in the id-pools feature allows remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution: Apply the hotfix referenced in...

CVSS 10, AI score 7.7, EPSS 0.79595
Exploits: 8

Vulnrichment
added 2025/12/18 7:53 p.m., 1 view

CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...

CVSS 9.4, AI score 7.4, EPSS 0.00117
Exploits: 1, References: 3

NVD
added 2025/12/18 3:15 p.m., 3 views

CVE-2025-65008

In the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28), a lack of validation of the langGet parameter in the adm.cgi endpoint allows a malicious attacker to execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 9.4, EPSS 0.00052
Exploits: 0, References: 3

Vulnrichment
added 2025/12/17 4:47 p.m., 2 views

CVE-2025-20393 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

CVSS 10, AI score 7.2, EPSS 0.06476
Exploits: 2, References: 1

Cvelist
added 2025/12/17 4:47 p.m., 28 views

CVE-2025-20393 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

CVSS 10, EPSS 0.06476
Exploits: 2, References: 1

ATTACKERKB
added 2025/12/17 4:47 p.m., 2 views

CVE-2025-20393

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

CVSS 10, AI score 6.2, EPSS 0.06476
In wild, Exploits: 2, References: 2, Affected Software: 2

CVE
added 2025/12/17 4:47 p.m., 308 views

CVE-2025-20393

CVE-2025-20393 affects Cisco AsyncOS Software on Cisco Secure Email Gateway (SEG) and Cisco Secure Email and Web Manager (SEWM) appliances. The vulnerability stems from improper input validation in the Spam Quarantine feature, allowing unauthenticated remote attackers to execute arbitrary command...

CVSS 10, AI score 7.2, EPSS 0.06476
In wild, Exploits: 2, References: 2, Affected Software: 1