Tdarr 操作系统命令注入漏洞

Tdarr is a multimedia transcoding automation platform from Tdarr Inc. Tdarr version 2.00.15 suffers from an operating system command injection vulnerability that stems from unauthenticated remote code execution in the Help endpoint, which could lead an attacker to inject and link arbitrary comman...

Ilevia EVE X1 Server 4.7.18.0.eden (mbus) Unauthenticated Remote Command Injection

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

CVE-2025-20265 Cisco Secure Firewall Management Center Software Radius Remote Code Execution Vulnerability

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input...

CVE-2010-10013

An unauthenticated remote command execution vulnerability exists in AjaXplorer now known as Pydio Cells versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...

Itemir M300 Wi-Fi Repeater 安全漏洞

Itemir M300 Wi-Fi Repeater is a wireless repeater from Itemir China. A security vulnerability exists in the Itemir M300 Wi-Fi Repeater that stems from an uncleared user parameter that could lead to an unauthenticated remote command injection attack...

Backdoor.Win32.Boiling MVID-2024-0696 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/80cb490e5d3c4205434850eff6ef5f8f.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Boiling Vulnerability: Unauthenticated Remote Command Execution Description: The...

Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/0fe8f37543e8face08941899add38e35.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Nightmare.25 Vulnerability: Unauthenticated Remote Command Execution Family:...

Metasploit Weekly Wrap-Up 04/05/2024

New ESC4 Templates for AD CS Metasploit added capabilities for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the adcscerttemplates module which enables users to read and write certificate template...

CVE-2024-27521

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote command execution RCE vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows...

CVE-2023-28771

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. Recent assessments: cbeek-r7 at July 26, 2024 7:31pm UTC reported: A July 2024 bullet...

CVE-2022-46414

CVE-2022-46414 affects Veritas NetBackup Flex Scale up to 3.0 and NetBackup Access Appliance up to 8.0.100, permitting unauthenticated remote command execution via the management portal. CVSS v3.1 base score 9.8 (CRITICAL). Remediation: upgrade Veritas NetBackup Flex Scale to a version later than...

CVE-2022-36267

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...

Backdoor.Win32.Destrukor.20 MVID-2022-0627 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Destrukor.20 Vulnerability: Unauthenticated Remote Command Execution...

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

It is an exploit module for CVE-2022-24990, a TerraMaster TOS Un...

Backdoor.Win32.Tiny.a Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9fa664bc52e1aa46a09ac51aaa6c7384.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Tiny.a Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...

Backdoor.Win32.Wisell Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...

Backdoor.Win32.Wollf.h Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/867c6b432ccd4aa51adc5e2722a4b144.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.h Vulnerability: Unauthenticated Remote Command Execution Description: The...

Backdoor.Win32.Chubo.c Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c16b04a9879896ef453a6deb13528087.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Chubo.c Vulnerability: Unauthenticated Remote Command Execution Family: Chubo Type:...

Backdoor.Win32.XRat.k Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/3d4350282ae043177063de2ad4827b97.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.XRat.k Vulnerability: Unauthenticated Remote Command Execution Description: XRat...