407 matches found
Croogo 3.0.2 - Unrestricted File Upload Vulnerability
Exploit Title: Croogo 3.0.2 - Unrestricted File Upload Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == 'setting-43' Unrestricted File Upload...
CVE-2021-36195
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted...
Croogo 3.0.2 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == Tutorial $command"; ? ...
PT-2021-23602 · Unknown +1 · Xorux Lpar2Rrd +1
Name of the Vulnerable Software and Affected Versions: XoruX LPAR2RRD and STOR2RRD versions prior to 7.30 Description: A shell command injection in the HW Events SNMP community allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
Design/Logic Flaw
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call...
PT-2021-23280 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.148 Description: The issue arises from the mishandling of parameter data in the app/Lib/Export/OpendataExport.php file, which is used in a shell exec call. This could potentially lead to security issues...
CVE-2021-3317
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec on the original value of the source parameter...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 13 in index.js file in export.latestVersion function. PoC: var root = require("npm-help"); var module = "& touch JHU"; root.latestVersion(module); Remediation There is no fixed versi...
KLog Command Injection Vulnerability
KLog is a logging tool for Android development by the individual developer ZhaoKaiQiang. The tool's main functions are printing line numbers and function calls, JSON parsing, XML parsing, click to jump, saving log information and other functions. A command injection vulnerability exists in KLog...
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server Unauthenticated Command Injection Vulnerability', 'Description' = %q This module exploits an unauthenticated command injection...
CTFtools
This repository is an offensive tool for web application exploitation, specifically targeting web servers. The primary vulnerability class is code execution RCE, with various exploitation techniques and payloads. The tool is designed to automate the exploitation process, making it easier for...
OS Command Injection
limdu is vulnerable to command injection. The vulnerability exists because it allows an attacker to inject malicious code via the function trainBatch in BinaryClassifierSet.js as it relies on shell execution, such as SVM Perf, SVM Linear or Adaboos...
Command Injection in Limdu
Impact The trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. Patches Patched in version 0.9.5. Workarounds Do not use trainBatch with classifiers that rely o...
LinuxKI Toolset 6.01 Remote Command Execution
This module exploits a vulnerability in LinuxKI Toolset 'LinuxKI Toolset 6.01 Remote Command Execution', 'Description' = %q This module exploits a vulnerability in LinuxKI Toolset MSFLICENSE, 'Author' = 'Cody Winkler', discovery and poc 'numan türle' msf exploit , 'References' = 'EDB', '48483',...
Command Execution Vulnerability in Motrix Linux Version
Motrix is an all-in-one download tool that supports downloading resources such as HTTP, FTP, BT, Magneto, Baidu.com and more. A command execution vulnerability exists in the Linux version of Motrix, which can be exploited by an attacker to upload a file to a specified location on the system and...
Command Injection
Overview npm-programmatic is a library that allows you to access npm commands programmatically from javascript. Affected versions of this package are vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the exec...
CVE-2020-5282
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the npm command which is part of this software package. This allows arbitrary shell execution, which can compromise the bot. This is patched in version 1.0.0-beta...
Command injection
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the npm command which is part of this software package. This allows arbitrary shell execution, which can compromise the bot. This is patched in version 1.0.0-beta...
CVE-2020-5282 arbitrary shell execution in Nick Chan Bot
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the npm command which is part of this software package. This allows arbitrary shell execution, which can compromise the bot. This is patched in version 1.0.0-beta...
CVE-2020-5282
CVE-2020-5282 affects Nick Chan Bot prior to version 1.0.0-beta, where the npm command within the bot can lead to arbitrary shell execution. The root cause is unfiltered input to OS command construction, enabling code execution and potential compromise of the bot. References in multiple sources c...