xxl-job 命令注入漏洞

XXL-JOB is a distributed task scheduling platform by the individual developer Xu Xueli xuxueli. A command injection vulnerability exists in xxl-job 3.1.1 and earlier versions, which stems from a misuse of the commandJobHandler function leading to os command injection attacks...

GPT-SoVITS-WebUI 命令注入漏洞

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI openslice function, which can be exploited by an attacker to execute arbitrary commands on the system...

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default...

CVE-2025-7553

CVE-2025-7553 affects D-Link DIR-818LW firmware up to 20191215. The vulnerability is in the System Time Page, where manipulation of the NTP Server parameter allows os command injection. Exploitation is possible remotely, and the exploit has been disclosed publicly. The issue is associated with de...

Comodo Internet Security Premium 命令注入漏洞

Comodo Internet Security Premium is a suite of computer security software from Comodo, Inc. that focuses on Internet security. A command injection vulnerability exists in Comodo Internet Security Premium version 12.3.4.8162, which stems from incorrect manipulation of the parameter binary/params...

Remote Code Execution (RCE)

org.conductoross, conductor-core is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper access control over Java class execution, which allows attackers to invoke system-level commands...

The vulnerability of the microprogrammed software of Edimax EW-7438RPn Mini wireless signal amplifiers arises from the lack of measures taken to neutralize the special elements used in the operating system’s command structure. This allows a hacker to execute arbitrary commands.

The vulnerability of the microprogrammed software of Edimax EW-7438RPn Mini wireless signal amplifiers is related to the lack of measures taken to neutralize special elements used in the operating system’s command processing for handling the sysCmd parameter. Exploiting this vulnerability allows ...

CVE-2025-34039 Yonyou NC BeanShell Command Injection

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...

Materialise OrthoView 操作系统命令注入漏洞

Materialise OrthoView is an orthopedic planning solution from Materialise UK. An operating system command injection vulnerability exists in Materialise OrthoView 7.5.1 and earlier versions, which stems from vulnerability to OS command injection attacks when servlet sharing is enabled...

VulnCheck KEV: CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

The vulnerability of the SYSTEM FTP-server command of the PCMan FTP Server allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the SYSTEM FTP-server command of the PCMan FTP Server lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service interruptions...

FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14375)

FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server that stems from the SYSTEM Command Handler component failing to properly validate the length size of input data, no details of the vulnerability are provided at this time...

Important: dotnet8.0

Issue Overview: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. CVE-2025-26646 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.7.20250609 to...

ZendTo 安全漏洞

ZendTo is a web-based file transfer system from ZendTo Inc. A security vulnerability exists in ZendTo 6.10-6 Beta and earlier versions, which stems from an os command injection due to the misbehavior of the parameter file1 in the file NSSDropoff.php...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via Ruby)

Execute an OS command from PHP. Connect back and create a command shell via Ruby, uses SSL Module Options msf use payload/php/unix/cmd/reverserubyssl msf payloadreverserubyssl show actions ...actions... msf payloadreverserubyssl set ACTION msf payloadreverserubyssl show options ...show and set...

OS Command Exec, Unix Command Shell, Bind TCP (via perl) IPv6

Execute an OS command from PHP. Listen for a connection and spawn a command shell via perl Module Options msf use payload/php/unix/cmd/bindperlipv6 msf payloadbindperlipv6 show actions ...actions... msf payloadbindperlipv6 set ACTION msf payloadbindperlipv6 show options ...show and set options...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via perl)

Execute an OS command from PHP. Creates an interactive shell via perl, uses SSL Module Options msf use payload/php/unix/cmd/reverseperlssl msf payloadreverseperlssl show actions ...actions... msf payloadreverseperlssl set ACTION msf payloadreverseperlssl show options ...show and set options... ms...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via php)

Execute an OS command from PHP. Creates an interactive shell via php, uses SSL Module Options msf use payload/php/unix/cmd/reversephpssl msf payloadreversephpssl show actions ...actions... msf payloadreversephpssl set ACTION msf payloadreversephpssl show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Reverse TCP (via jjs)

Execute an OS command from PHP. Connect back and create a command shell via jjs Module Options msf use payload/php/unix/cmd/reversejjs msf payloadreversejjs show actions ...actions... msf payloadreversejjs set ACTION msf payloadreversejjs show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Bind TCP (via Ruby)

Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via Ruby Module Options msf use payload/php/unix/cmd/bindruby msf payloadbindruby show actions ...actions... msf payloadbindruby set ACTION msf payloadbindruby show options ...show and set options... msf...