PT-2023-3014 · Teltonika · Teltonika'S Remote Management System

Name of the Vulnerable Software and Affected Versions: Teltonika’s Remote Management System versions prior to 4.10.0 Description: The issue allows users to access managed devices’ local secure shell SSH/web management services over the cloud proxy. A user can request a web proxy and obtain a URL ...

CVE-2022-29841

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to...

Command injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to...

Information disclosure

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install...

Western Digital My Cloud 操作系统命令注入漏洞

Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud OS 5 prior to version 5.26.119, which stems from an operating system command injection vulnerability that can be exploited by an attacker to remotely execu...

CVE-2023-31471

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install...

CVE-2023-31471

The CVE-2023-31471 entry concerns GL.iNet devices prior to version 3.216. The issue arises via the software installation feature, where restrictions on the available package list are only client-side verified, allowing installation of arbitrary software (including a reverse shell) from the filesy...

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

Command injection

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

Exploit for Incorrect Authorization in Cacti

CVE-2022-41343 🐍 Python Exploit for CVE-2022-46169 Staged Rev...

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 This repository contains a Proof of Concept P...

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 This repository contains a Proof of Concept P...

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169-CACTI-1.2.22 This is a exploit of CVE-2022-4616...

Exploit for Incorrect Authorization in Cacti

CVE 2022-46169 This script exploits an...

Exploit for Cross-site Scripting in Dompdf_Project Dompdf

CVE-2022-28368-handler This repository contains a python scrip...

Wondershare Filmora 12.2.9.2233 Unquoted Service Path

Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Date: 2023/04/23 Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto...

OCS Inventory NG 2.3.0.0 Unquoted Service Path

Exploit Title: OCS Inventory NG 2.3.0.0 - Unquoted Service Path Date: 2023/04/21 Exploit Author: msd0pe Vendor Homepage: https://oscinventory-ng.org Software Link: https://github.com/OCSInventory-NG/WindowsAgent My Github: https://github.com/msd0pe-1 Fixed in version 2.3.1.0 OCS Inventory NG...

Exploit for Improper Access Control in Papercut Papercut_Mf

CVE-2023-27350 Exploit POCThis is a Proof of Concept POC explo...

OCS Inventory NG 2.3.0.0 - Unquoted Service Path

Exploit Title: OCS Inventory NG 2.3.0.0 - Unquoted Service Path Date: 2023/04/21 Exploit Author: msd0pe Vendor Homepage: https://oscinventory-ng.org Software Link: https://github.com/OCSInventory-NG/WindowsAgent My Github: https://github.com/msd0pe-1 Fixed in version 2.3.1.0 OCS Inventory NG...