Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
code execution vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2019-19509
An issue exists in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.3
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2007-5056
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and previous versions, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote malicious users to execute arbitrary code via PHP sequences in the l...
Adodb Lite Adodb Lite
Pacercms Pacercms
Sapid Sapid Cmf
Cmsmadesimple Cms Made Simple
Journalness Journalness
Open-realty Open-realty
5 EDB exploits
NA
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
10
CVSSv2
CVE-2018-5999
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
Asus Asuswrt
2 EDB exploits
10
CVSSv2
CVE-2018-6000
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows malicious users to set the admin password and launch an SSH daemon (or enable i...
Asus Asuswrt
2 EDB exploits
6.8
CVSSv2
CVE-2018-17980
NoMachine prior to 5.3.27 and 6.x prior to 6.3.6 allows malicious users to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and th...
Nomachine Nomachine
1 EDB exploit
7.5
CVSSv2
CVE-2018-5955
An issue exists in GitStack up to and including 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated malicious user to add a user to the server via the username and password fields to the rest/user/ URI.
Smartmobilesoftware Gitstack
2 EDB exploits
8 Github repositories
NA
CVE-2022-31814
pfSense pfBlockerNG up to and including 2.1.4_26 allows remote malicious users to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
Netgate Pfblockerng
1 EDB exploit
5 Github repositories
NA
CVE-2020-28320
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none
7.5
CVSSv2
CVE-2013-6225
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability
Livezilla Livezilla 5.0.1.4
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »