HP Power Manager Remote Code Execution

Added: 11/06/2009 CVE: CVE-2009-2685 BID: 36933 OSVDB: 59684 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A stack-based buffer overflow in the HP Power Manager management web server allows...

GitLab ExifTool uploaded image command injection

Added: 11/24/2021 Background GitLab is an open-source software development platform with built-in version control and issue tracking. Problem A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses...

Sun Java Web Start JNLP file j2se element heap-size buffer overflow

Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...

MySQL yaSSL SSL Hello message buffer overflow

Added: 03/10/2008 CVE: CVE-2008-0226 BID: 27140 OSVDB: 41935 Background MySQL is an open-source database software package available for multiple platforms. yaSSL is an SSL library. MySQL, if SSL support is enabled, uses yaSSL by default. Problem A buffer overflow vulnerability in the...

ProFTPD Telnet IAC buffer overflow

Added: 01/21/2011 CVE: CVE-2010-4221 BID: 44562 OSVDB: 68985 Background ProFTPD is free FTP Server software for Unix and Linux platforms. Problem A buffer overflow vulnerability in ProFTPD allows remote attackers to execute arbitrary commands by sending a TELNETIAC escape sequence to the FTP...

IIS Double Decoding Directory Traversal

Added: 11/28/2005 CVE: CVE-2001-0333 BID: 2708 OSVDB: 556 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by URL-encoding invalid characters twice. Thus, a backslash is first represented as %5c, and then...

Red Hat JBoss Enterprise Application Platform Remoting Unified Invoker command execution

Added: 07/18/2022 Background Red Hat JBoss Enterprise Application Platform is an open source platform for highly transactional, web-scale Java applications. Problem A remote, unauthenticated attacker can execute arbitary commands on the server by sending a specially crafted serialized object to t...

vBulletin subWidgets command execution

Added: 09/02/2020 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem An incomplete fix for a previously reported vulnerability allows a remote attacker to execute arbitrary commands by sending a POST request for the widgettabbedcontainertabpane...

Atlassian Confluence Data Center and Server broken access control

Added: 11/02/2023 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Broken access control in Atlassian Confluence Data Center and Server could allow a remote attacker to create an administrator account, leading to remote command execution. Resolution...

ColdFusion verifyldapserver vulnerability

Added: 03/07/2022 Background Adobe ColdFusion is a web application development platform written in Java. Problem The verifyldapserver method in utils.cfc allows a remote attacker to cause the server to download a Java class from an arbitrary LDAP server, leading to remote code execution. Resoluti...

FortiManager fgfmd remote command execution

Added: 11/15/2024 Background FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. Problem Missing authentication in the fgfmd service could allow a remote attacker to execute arbitrary commands. Resolution Upgrade to FortiManager...

Apache Struts file upload path traversal

Added: 12/20/2024 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A directory traversal vulnerability in Apache...

Oracle WebLogic Server BadAttributeValueExpException deserialization

Added: 05/27/2020 CVE: CVE-2020-2555 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpExceptio...

EasyMail SMTP ActiveX Control AddAttachment buffer overflow

Added: 12/10/2009 BID: 36440 OSVDB: 59939 Background QuikSoft EasyMail Objects is a set of ActiveX controls which provide e-mail functionality. QuikSoft EasyMail Objects is included with Oracle Document Capture among other products. Problem A stack buffer overflow vulnerability in the...

Tabs Laboratories MailCarrier MAIL FROM buffer overflow

Added: 03/25/2019 Background Tabs Laboratories MailCarrier is an SMTP server. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted MAIL FROM command to the SMTP service. Resolution Upgrade to a fixed version of...

Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability

Added: 04/12/2012 CVE: CVE-2012-0158 BID: 52911 OSVDB: 81125 Background Microsoft Windows bundles various common ActiveX controls in the Common Controls library MSCOMCTL.OCX. Several Windows applications use these controls. Problem Various ActiveX controls in MSCOMCTL.OCX in the Common Controls i...

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade to...

PAN-OS management interface authentication bypass

Added: 11/20/2024 CVE: CVE-2024-0012 Background Palo Alto Networks firewall provides policy-based visibility and control over applications, users and threats. Problem An authentication bypass vulnerability combined with a command injection vulnerability in the PAN-OS management interface allows...

JetBrains TeamCity authentication bypass

Added: 10/03/2023 Background JetBrains TeamCity is a continuous integration tool for DevOps teams. Problem An authentication bypass vulnerability in JetBrains TeamCity could allow remote attackers to execute arbitrary commands. Resolution Upgrade to TeamCity 2023.05.4 or higher. References...

Polkit pkexec privilege elevation

Added: 01/27/2022 CVE: CVE-2021-4034 Background Polkit is a Linux package for handling policies that allow unprivileged processes to communicate with privileged processes. It includes a tool called pkexec that allows the user to execute commands as another user according to the polkit policy...

Lotus Notes HTML Speed Reader URL buffer overflow

Added: 02/17/2006 CVE: CVE-2005-2618 BID: 16576 OSVDB: 23068 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the HTML Speed Reader component of the Lotus Notes e-mail client allows command execution by a specially crafted e-mail message containing a lon...

Zyxel zhttpd and libclinkc.so buffer overflows

Added: 01/17/2023 CVE: CVE-2022-4510 Background Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem A buffer overflow vulnerability in Zyxel firewalls could allow a remote, unauthenticated attacker to execute arbitrary code by requesting a...

Zimbra Collaboration Suite mboximport path traversal

Added: 08/30/2022 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem A path traversal vulnerability in the mboximport function could allow a remote attacker to create arbitrary JSP files within the web document root, leading to command...

Ivanti Connect Secure Server-Side Request Forgery

Added: 02/05/2024 Background Ivanti Connect Secure is a web-based remote access VPN. Problem A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other...

CyberPanel upgrademysqlstatus authentication bypass and command injection

Added: 11/07/2024 Background CyberPanel is a web hosting control panel. Problem A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...

PHPMailer Command Injection in WordPress Core via Exim

Added: 05/17/2017 BID: 95108 Background Wordpress is a free and open-source content management system CMS based on PHP and MySQL. WordPress uses PHPMailer, which is a PHP class used for sending email from PHP. PHPMailer provides an interface to the system's mail transfer agent MTA, such as...

Citrix ADC nsppe buffer overflow

Added: 08/09/2023 CVE: CVE-2023-3519 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Problem A buffer overflow vulnerability in the nsppe process in Citrix ADC allows an unauthenticated attacker to execute arbitrary commands by making a special...

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019 CVE: CVE-2019-9621 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

ProFTPD Telnet IAC buffer overflow

Added: 01/21/2011 CVE: CVE-2010-4221 BID: 44562 OSVDB: 68985 Background ProFTPD is free FTP Server software for Unix and Linux platforms. Problem A buffer overflow vulnerability in ProFTPD allows remote attackers to execute arbitrary commands by sending a TELNETIAC escape sequence to the FTP...

F5 BIG-IP iControl REST vulnerability

Added: 05/13/2022 CVE: CVE-2022-1388 Background F5 BIG-IP is a suite of network security products. Problem An authentication bypass vulnerability in the iControl REST service allows remote attackers to execute arbitrary commands. Resolution Upgrade to one of the fixed versions referenced in...

Cisco Prime Infrastructure Health Monitor tar file directory traversal

Added: 11/25/2019 CVE: CVE-2019-1821 BID: 108339 Background Cisco Prime Infrastructure is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure Health Monitor allows a remote attacker to execute arbitrary commands by uploading a specially crafte...

vBulletin subWidgets command execution

Added: 09/02/2020 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem An incomplete fix for a previously reported vulnerability allows a remote attacker to execute arbitrary commands by sending a POST request for the widgettabbedcontainertabpane...

Sophos UTM Webadmin remote command execution

Added: 08/27/2021 Background Sophos UTM is a network security appliance. Problem A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. Resolution Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 ...

SSH password weakness

Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

Ivanti Connect Secure and Policy Secure authentication bypass and command injection

Added: 01/18/2024 Background Ivanti Connect Secure is a web-based remote access VPN. Problem An authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands. Resolution Apply the...

Bash environment variable code injection over HTTP

Added: 09/26/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Problem The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

VMware ESXi OpenSLP heap overflow

Added: 02/10/2023 Background VMware ESXi is a bare metal hypervisor. Problem A heap overflow vulnerability in the OpenSLP service could allow an attacker on the same network segment to execute arbitrary commands. Resolution Upgrade to a fixed version referenced in VMSA-2021-0002 or disable the SL...

IBM Rational Quality Manager and Test Lab Manager Policy Bypass

Added: 11/05/2010 CVE: CVE-2010-4094 BID: 44172 Background IBM Rational Quality Manager is a web-based centralized test management environment for test planning, workflow control, tracking and metrics reporting. IBM Rational Quality Manager incorporates Apache Tomcat 5 to help serve custom web...

Aruba ClearPass Policy Manager tipsSimulationUpload command execution

Added: 08/13/2020 CVE: CVE-2020-7115 Background Aruba ClearPass is a network access control solution. Problem A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...

IBM Aspera Faspex YAML deserialization

Added: 04/13/2023 Background IBM Aspera Faspex is a centralized, high-speed transfer solution using the FASP protocol. Problem A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for relaypackage with specially crafted JSON content...

WebSVN search command execution

Added: 06/23/2021 Background WebSVN is a web interface for Subversion repositories. Problem A command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. Resolution Upgrade to WebSVN 2.6.1 or higher. Referenc...

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

Langflow /api/v1/validate/code command injection

Added: 04/11/2025 CVE: CVE-2025-3248 Background Langflow is a low-code tool for building AI agents and workflows. Problem A command injection vulnerability in the /api/v1/validate/code API endpoint could allow a remote unauthenticated attacker to execute arbitrary commands by sending a specially...

GeoServer JAI-EXT extension command injection

Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging JAI is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...

Oracle WebLogic Apache Commons library deserialization vulnerability

Added: 11/20/2015 CVE: CVE-2015-4852 BID: 77539 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Apache Commons is a widely used Java library which is included in WebLogic Server. Problem A vulnerability in the Apache Commons library used by Oracl...

Weblizar School Management Pro plugin backdoor

Added: 08/12/2022 CVE: CVE-2022-1609 Background Weblizar School Management is a WordPress plugin for management of school operations. Problem The license checking code in School Management Pro contains a backdoor which allows remote attackers to execute arbitrary commands. Resolution Upgrade to t...

Aruba ClearPass Policy Manager tipsSimulationUpload command execution

Added: 08/13/2020 CVE: CVE-2020-7115 Background Aruba ClearPass is a network access control solution. Problem A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...

FileCatalyst Workflow ftpservlet file upload

Added: 04/08/2024 Background FileCatalyst Workflow is a managed file transfer product. Problem The ftpservlet component in the FileCatalyst Workflow web portal is affected by a directory traversal vulnerability which could allow an anonymous user to upload files to arbitrary locations. This leads...

Joomla User-Agent PHP object injection

Added: 12/17/2015 CVE: CVE-2015-8562 BID: 79195 Background Joomla is a content management system written in PHP. Problem A vulnerability which occurs when Joomla saves browser session information could allow a remote, unauthenticated attacker to inject PHP objects via the User-Agent header, leadi...

Microsoft IIS FTP Server NLST Command Remote Overflow

Added: 09/03/2009 CVE: CVE-2009-3023 BID: 36189 OSVDB: 57589 Background Microsoft Internet Information Server IIS includes a web server and an FTP server. Problem A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users t...