17 matches found
Unity Linux 20.1070a Security Update: openssh (UTSA-2026-006246)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006246 advisory. ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. Tenable has extracted the...
openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand
A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...
ALPINE-CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
Edgecore ECS2020 Command Injection Vulnerability
The Edgecore ECS2020 is a network smart switch solution from Edgecore China. A security vulnerability exists in the Edgecore ECS2020 version 1.0.0.0 firmware that originates from allowing unauthenticated commands to be injected into the /EXCUSHELL URI via the command1 HTTP header...
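Arbitrary file upload vulnerability in a Kingdee system can threaten the internal network
Brief description: Upload bypass; reaching the internal network is the key point. Details: WooYun: Generic arbitrary file upload in a large online examination system (affecting banks, securities firms and other enterprises). After the issue occurred a fix was applied, but the fix is flawed: it restricts uploading of jsp webshells, while jspx is completely unrestricted. Uploading jsp returns an error directly, but with jspx, http://exam.kingdee.com/mana/edit/attachupload.jsp allows a jspx webshell to be uploaded directly. After a successful upload, view the page source to get the shell address. Proof of vulnerability:...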
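A vulnerability in phpmps led to compromise of the official site
Brief description: A vulnerability in phpmps led to compromise of the official site. Details: A vulnerability in phpmps led to compromise of the official site. Proof of vulnerability: A vulnerability in phpmps led to compromise of the official site. This location leaked the official site's password. WooYun: phpmps generic SQL injection (tested successfully on the demo) admin/gxy123123 Enter the admin backend; arbitrary upload at the home page flash setting. Shell address: http://www.phpmps.com/demo/data\com\thumb/20150104iaoydj.php Password: cai...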
U-Mail injection of arbitrary code written in exp-vulnerability warning-the black bar safety net
In one U-Mail file a parameter is not filtered rigorously, which results in SQL injection; through this vulnerability a shell can be written to a web directory, so you can batch getshell. Baidu & Google Keywords: --------------------- Power by U-Mail Accurate anti-spam, effectively filtering more th...
PersianTools SQL Injection / Shell Upload
SiteEngine 7.1 members to upload WEBSHELL vulnerability 0DAY-vulnerability warning-the black bar safety net
Author: hackdn Reprinted indicate the zend encoding and decryption is not complete, do not bother to look at the code, use a Tamper or the like of the plug-in test of the POST parameters, it's $sFile = $oFile'name'; filtering too fool, looks like the 5th version after you modify a function. This is ...
SoftXMLCMS upload 0day exploit-vulnerability warning-the black bar safety net
SoftXMLCMS includes an integrated HTML content display a CMS template. All this will give you a set of tools for creating a professional website in minimum time and cost-effective manner. SoftXMLCMS is written in JavaScript ASP IIS classics, and asked Microsoft and support...
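discuz x1.5 discuz 7.2 admin backend getshell 0day, works on all versions
Brief description: Insufficient XML filtering causes the vulnerability. Details: The method is: Admin backend: Plugins -- Add plugin -- Choose import method: upload the XML file attached to this post, and also tick "Allow importing plugins from different Discuz! versions (prone to errors!!)", then confirm. If you don't understand, watch the demo animation. The shell address is: data/plugindata/shell.lang.php discuz x1.5 The shell address is: data/plugin/data/shell.lang.php discuz 7.2 Proof of vulnerability:...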
SiteServer CMS registration upload exploit-vulnerability warning-the black bar safety net
SiteServer CMS website content management system is a web content management system developed on the Microsoft .NET platform, which integrates the content release management, MultiSite management, timing, content acquisition, timing generation, multi-server publishing, search engine optimization, traffic statistics and many othe...
ESCMS vulnerability website system 0day-vulnerability warning-the black bar safety net
Version: ESCMS V1.0 SP1 Build 1125 Background login authentication is through the admin/check.asp achieved, look at the code % if Request.cookiesCookiesKey"ESadmin"="" then 'Note that here Oh,he is by COOKIE validation ESadmin is empty,we can forge a value,called he is not empty 'CookiesKey i...
eWebEditorNet exploit to get WEBSHELL-vulnerability warning-the black bar safety net
Principle: eWebEditorNet/upload.aspx file form id="myform" method="post" encType="multipart/form-data" runat="server" INPUT id="uploadfile" style="HEIGHT: 18px" type="file" size="28" name="uploadfile" runat="server" asp:linkbutton id="lbtnUpload" runat="server"/asp:linkbutton/form script...
jsp fckeditor vulnerability-vulnerability warning-the black bar safety net
Source: http://www.t00ls.net/viewthread.php?tid=403&extra=page%3D1 http://www.xxx.com/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=%2F Upload shell address:...
aspWebAlbum 3.2 (Upload/SQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. - Discovered bay AleminKrali ==== - aspWebAlbum 3.2 - Script Download "http://www.fullrevolution.com" - aspWebAlbum 3.2 Single Site License | $60.00 : - HomePage al3m.blogspot.com...