NETGEAR WNAP320 Access Point Firmware - Remote Command Injection

NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2016-1555 info: name: NETGEAR WNAP320 Access Point Firmware - Remote Command Injection author: gy741 severity: critical...

ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion

ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. dot dot in the fileName parameter to servlets/FetchFile. id: CVE-2016-6601 info: name: ZOHO WebNMS Framework 5.2 SP1 - Local File Inclusion author: 0xAkoko...

Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass

Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a sessionid cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. id: CVE-2016-7552...

NETGEAR Routers - Authentication Bypass

NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server. id: CVE-2017-5521 info: name: NETGEAR Routers - Authentication Bypass...

Apache Struts2 S2-053 - Remote Code Execution

Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. id: CVE-2017-9791 info: name: Apache Struts2 S2-053 - Remote Code Execution author: pikpikcu severity: critical description: | Apache...

WordPress PHPMailer < 5.2.18 - Remote Code Execution

WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property in isMail transport. id: CVE-2016-10033 info: name: WordPress PHPMailer 5.2.18 - Remote...

Intel Active Management - Authentication Bypass

Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology AMT and Intel Standard Manageability. A non-privileged local attacker can provision...

PhpColl 2.5.1 Arbitrary File Upload

PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/ via clients/editclient.php. id: CVE-2017-6090 info: name: PhpColl 2.5.1 Arbitrary File Uplo...

IBM WebSphere Java Object Deserialization - Remote Code Execution

IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector port 8880 by default. id: CVE-2015-7450 info: name: IBM WebSphere Java Object Deserialization - Remote Code Execution author: wdahlenb severity: critical description: IBM Websphere Applicatio...

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

ElasticSearch v1.1.1/1.2 RCE

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. Be aware this only violates the vendor's intended security policy if the user does not run...

Joomla! Core SQL Injection

A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands. id: CVE-2015-7297 info: name: Joomla! Core SQL Injection author: princechaddha severity: high description: A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote...

ElasticSearch <1.6.1 - Local File Inclusion

ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. id: CVE-2015-5531 info: name: ElasticSearch 1.6.1 - Local File Inclusion author: princechaddha severity: medium description: ElasticSearch before 1.6.1 allows remote...

TP-LINK - Local File Inclusion

TP-LINK is susceptible to local file inclusion in these products: Archer C5 1.2 with firmware before 150317, Archer C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N...

Drupal SQL Injection

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. id: CVE-2014-3704 info: name: Drupal SQL...

DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution

DotNetNuke DNN versions between 5.0.0 - 9.3.0 are affected by a deserialization vulnerability that leads to remote code execution. id: CVE-2017-9822 info: name: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution author: milo2012 severity: high description: DotNetNuke DNN...

Hikvision IP camera/NVR - Remote Command Execution

Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. id: CVE-2021-36260 info: name: Hikvisio...

FortiLogger 4.4.2.2 - Arbitrary File Upload

FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp. id: CVE-2021-3378 info: name: FortiLogger 4.4.2.2 - Arbitrary File Upload author:...

Progress Telerik Report Server - Authentication Bypass

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. id: CVE-2024-4358 info: name: Progress Telerik Report Server - Authenticatio...

WordPress File Upload <= 4.24.11 - Arbitrary File Read

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...

PaperCut - Unauthenticated Remote Code Execution

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...

Langflow < 1.9.0 - Remote Code Execution

Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...

WordPress <5.8.3 - SQL Injection

WordPress before 5.8.3 is susceptible to SQL injection through multiple plugins or themes due to improper sanitization in WPQuery, An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...

NETGEAR Routers - Remote Code Execution

NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow...

Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

Apache Druid - Remote Code Execution

Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server. id: CVE-2021-25646 info: name: Apache Druid - Remote Cod...

.NET Framework - Leaking ObjRefs via HTTP .NET Remoting

.NET Framework Information Disclosure Vulnerability id: CVE-2024-29059 info: name: .NET Framework - Leaking ObjRefs via HTTP .NET Remoting author: iamnoooob,rootxharsh,DhiyaneshDk,pdresearch severity: high description: .NET Framework Information Disclosure Vulnerability impact: | Attackers can...

Windows Server 2003 & IIS 6.0 - Remote Code Execution

Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If http://" in a PROPFIND...

Sonicwall - Pre-Authentication Arbitrary File Read

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

Palo Alto Network PAN-OS - Remote Code Execution

Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. id: CVE-2017-15944 info: name: Palo Alto Network PAN-OS - Remote Code Execution...

Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution

Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of filegetcontents and fileputcontents. This is exploitable on sites using debug mode with Laravel before 8.4.2. id: CVE-2021-3129 info: name:...

Jboss Application Server - Remote Code Execution

Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2 is susceptible to a remote code execution vulnerability because the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization, thus allowing a...

Microsoft Windows 'HTTP.sys' - Remote Code Execution

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." id: CVE-2015-1635 info: name: Microsoft...

XWiki Platform - Remote Code Execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...

Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery

Apache 2.4.48 and below contain an issue where uri-path can cause modproxy to forward the request to an origin server chosen by the remote user. id: CVE-2021-40438 info: name: Apache = 2.4.48 ModProxy - Server-Side Request Forgery author: pdteam severity: critical description: Apache 2.4.48 and...

Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...

Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

Ingress-Nginx Controller - Remote Code Execution

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

MobileIron Core - Remote Unauthenticated API Access

Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain. id: CVE-2023-35082 info: name: MobileIron Core - Remote...

Apache Struts 2 - Remote Command Execution

Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a...

Drupal - Remote Code Execution

Drupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsystems. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly...

PHP CGI - Argument Injection

PHP CGI - Argument Injection CVE-2024-4577 is a critical argument injection flaw in PHP. id: CVE-2024-4577 info: name: PHP CGI - Argument Injection author: Hüseyin TINTAŞ,sw0rk17,s4e-io,pdresearch severity: critical description: | PHP CGI - Argument Injection CVE-2024-4577 is a critical argument...

Apache Struts 2.0.0-2.5.25 - Remote Code Execution

Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it. id: CVE-2020-17530 info: name: Apache Struts 2.0.0-2.5.25 - Remote Code Execution author: pikpikcu severity: critical...

Drupal - Remote Code Execution

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. id: CVE-2018-7600 info: name: Drupal - Remote Code Execution author:...

WordPress File Manager Plugin - Remote Code Execution

The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files. id: CVE-2020-25213 Uploaded file will be accessible at:-...

Grafana - XSS / Open Redirect / SSRF via Client Path Traversal

An open redirect vulnerability in Grafana can be chained with other issues, such as XSS or SSRF, to increase impact. An attacker may exploit the redirect to target internal services or deliver malicious JavaScript, potentially leading to internal data exposure or account takeover. id: CVE-2025-41...

ShellShock - Remote Code Execution

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

DbGate - Remote Code Execution via Dynamic Import Bypass

DbGate versions = 7.1.8 are vulnerable to authenticated remote code execution via the POST /runners/load-reader endpoint. The functionName parameter is directly interpolated into a JavaScript code template without sanitization. The require=null mitigation is bypassed via dynamic import. id:...

YesWiki < 4.6.4 - Unauthenticated SQL Injection

YesWiki before version 4.6.4 contains an unauthenticated SQL injection vulnerability in the Bazar form-import path. The bnidnature parameter in FormManager::create is concatenated into an INSERT statement without sanitization, allowing unauthenticated attackers to inject arbitrary SQL and read th...

DbGate - Remote Code Execution via Anonymous JWT

DbGate contains a remote code execution vulnerability exploitable by unauthenticated attackers. The /auth/login endpoint issues anonymous JWT tokens without credentials, and the /runners/start endpoint accepts JavaScript payloads that execute via Node.js childprocess, allowing arbitrary command...