Exploit for CVE-2026-37637

CVE-2026-37637 Proof of Concept for CVE-2026-37637 - Remo...

CVE-2026-7035 Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow

A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has be...

CVE-2026-6204

LibreNMS is affected (versions before 26.3.0) by an authenticated remote code execution vulnerability via the Binary Locations config and Netcommand feature. Exploitation requires administrative privileges and could compromise the underlying web server. Affected component is the software’s web in...

CVE-2019-25480

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../publichtml/ to write executable code ...

CVE-2026-3169

The CVE-2026-3169 vulnerability affects Tenda F453 with firmware 1.0.0.3, targeting the httpd component’s function fromSafeEmailFilter in /goform/SafeEmailFilter. An input argument manipulation on page triggers a buffer overflow, enabling remote exploitation. Public exploit exists per description...

EUVD-2025-201253

The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP a ZIP containing another ZIP where the inner archive contains an executable file e.g. webshell.php. When the application extracts the uploaded archives, the executabl...

CVE-2025-0923

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

CVE-2025-0923 IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

CVE-2024-35144

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

ASP.NET Vulnerability Lets Hackers Hijack Servers, Inject Malicious Code

Microsoft cybersecurity experts have identified a vulnerability flaw affecting ASP.NET applications, putting thousands of web servers at risk.…...

CVE-2024-43243

Unrestricted Upload of File with Dangerous Type vulnerability in themeglow JobBoard Job listing job-board-light allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through = 1.2.6...

PT-2023-2290 · Siemens · Cp-8050 +1

Name of the Vulnerable Software and Affected Versions: CP-8031 MASTER MODULE versions prior to CPCI85 V05 CP-8050 MASTER MODULE versions prior to CPCI85 V05 Description: The issue is related to insufficient argument checking in the web server of the Siemens SICAM CP-8031 and CP-8050 processor...

tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability

CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...

CVE-2018-10690

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such...

Homepage Builder sample CGI programs vulnerable to OS command injection

Overview Some of the CGI sample programs included in Homepage Builder provided by IBM Japan contains a vulnerability which may allow an attacker to inject an arbitrary OS command. According to the vendor, it is confirmed that vulnerable CGI sample programs are not included in the demo versions of...

pMachine mail_autocheck.php Arbitrary Code Execution

It is possible to make the remote host include PHP files hosted on a third-party server using the pmachine CGI suite which is installed. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable...

clearswift MIMEsweeper for Web 4.05.0 - Directory Traversal

clearswift MIMEsweeper for Web 4.05.0 - Directory Traversal source: https://www.securityfocus.com/bid/10918/info Clearswift MIMEsweeper For Web is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. To carry out an attack an attacker may...

PHP-Ping php-ping.php count Parameter Arbitrary Command Execution

The remote host appears to be running 'php-ping.php' from TheWorldsEnd.NET. The remote version of this script does not properly sanitize the 'count' parameter and allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server...

ISS Security Brief: PeopleSoft PeopleTools Remote Command Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief March 10, 2003 PeopleSoft PeopleTools Remote Command Execution Vulnerability Synopsis: ISS X-Force has discovered a flaw in the PeopleSoft PeopleTools application framework. PeopleSoft enterprise software enables manageme...

SECURITY.NNOV: Buffer overflows in Worldgroup

Dear bugtraq, Topic: buffer overflows in WorldGroup 3.0 ftp and web servers Authors: Limpid Byte team http://lbyte.void.ru, [email protected] Date: February, 25 2002 Software: WorldGroup 3.x Vendor: Galacticomm http://www.gcomm.com/ Risk: High Remote: Yes Exploitable: Yes Vendor Status: Not contacted...