10 matches found
CVE-2026-9437 DTStack Taier REST API Runtime.exec os command injection
A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to OS command injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may ...
OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection Exploit
This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Eclipse Jetty CgiServlet Vulnerability (GHSA-3gh6-v5v9-6v9j) - Linux
Eclipse Jetty is prone to a vulnerability in the CgiServlet. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
CVE-2023-36479 Jetty vulnerable to errant command quoting in CGI Servlet
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
Spring Cloud 3.2.2 - Remote Command Execution Exploit
Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution (RCE) Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...
Exploit for Improper Input Validation in Zohocorp Manageengine_Access_Manager_Plus
CVE-2022-47966 POC for CVE-2022-47966 affecting the following...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 Confluence OGNL expression injected RCE CVE-202...
Exploit for Improper Input Validation in Apache Unomi
CVE-2020-13942 CVE-2020-13942 POC by Eugene Rojavski Origi...
Exploit for CVE-2020-2883
POC for weblogic CVE-2020-2883 poc1: bash javax.manageme...
Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
No description provided by source. %@ page import="java.util.,java.io."% % % %-- abysssec inc public material just upload this file with abysssec.jsp and execute your command your command will run as administrator . you can download sam file add user or do anything you want . note : please be...