There is an object injection vulnerability in swfupload plugin for wordpress.
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds known.
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging
An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.
An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted.
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).
Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7.
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.
This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings.
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.
BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround.
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.
Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used
The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.
MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX6200v2 before 1.0.1.78, EX6250 before 1.0.0.110, EX6410 before 1.0.0.110, EX6420 before 1.0.0.110, EX6400v2 before 1.0.0.110, EX7300 before 1.0.2.144, EX6400 before 1.0.2.144, EX7320 before 1.0.0.110, EX7300v2 before 1.0.0.110, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.90, RBK40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.72, XR500 before 2.3.2.56, and XR700 before 1.0.1.20.
An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.
PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins).
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.