Metasploit Exploits
3,228 exploits tracked across all sources.
OpenTSDB 2.4.0 unauthenticated command injection
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)
by Shai rod, Erik Wynter
CVSS 9.8
Shenzhen Aitemi M300 Wi-Fi Repeater - Command Injection
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.
by Valentin Lobstein
Zyxel DX5401-B0 <V5.17(ABYO.1)C0 - Info Disclosure
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.
CVSS 7.5
Getgrav Grav-plugin-admin < 1.10.8 - Improper Access Control
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
by Mehmet Ince <[email protected]>
CVSS 9.3
Nagios XI <5.4.13 - SQL Injection
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
by Cale Smith, Benny Husted, Jared Arave
CVSS 9.8
Tiki Wiki CMS <14.1-6.14 - Command Injection
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user.
by h00die <[email protected]>, Dany Ouellet
Lexmark <2023-02-19 - Info Disclosure
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
by James Horseman, Zach Hanley, jheysel-r7
CVSS 8.1
Ivanti Endpoint Manager Mobile - Code Injection
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
by watchTowr, sfewer-r7
CVSS 9.8
Github < 2.8.7 - Insecure Deserialization
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
CVSS 9.8
D-Link DSL-2750B <1.05 - Command Injection
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
by p@ql
CVSS 9.8
Al-enterprise Omnipcx Enterprise Comm... - Command Injection
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
by aushack
CVSS 9.8
Nagios XI 5.7.3 - Command Injection
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
by Chris Lyne, Erik Wynter
CVSS 7.2
Vmware Vrealize Log Insight < 4.8 - Information Disclosure
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
by Horizon3.ai Attack Team
CVSS 5.3
Mjdm Majordomo < 2023-11-15 - Command Injection
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.
by Valentin Lobstein, smcintyre-r7
CVSS 9.8
GNU C Library <2.39 - Buffer Overflow
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
by Sergey Temnikov, Charles Fol, Heyder, jheysel-r7
CVSS 7.3
Crestron Am-100 Firmware < 2.4.1.19 - OS Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
CVSS 9.8
IPFire <2.19 - Authenticated RCE
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
by h00die <[email protected]>, Yann CAM
Authenticated RCE in Splunk (splunk_archiver app)
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application.
by Maksim Rogov, Alex Hordijk, psytester
CVSS 8.8
Paloaltonetworks Expedition < 1.2.96 - OS Command Injection
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
by Michael Heinzl, Zach Hanley, Enrique Castillo, Brian Hysell
CVSS 6.5
Remote Code Execution Vulnerability in MotionEye Frontend (CVE-2025-60787)
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
by Maksim Rogov, prabhatverma47
CVSS 7.2
Ivanti Connect Secure Authenticated Remote Code Execution via OpenSSL CRLF Injection
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
by Richard Warren, Christophe De La Fuente
CVSS 8.8
IBM Security QRadar SIEM <7.4 - Auth Bypass
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.
by Pedro Ribeiro <[email protected]>
CVSS 8.8
Xorcom CompletePBX <5.2.35 - Command Injection
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user.
This issue affects CompletePBX: all versions up to and prior to 5.2.35
by Valentin Lobstein
CVSS 8.8
Contec Solarview Compact Firmware < 6.00 - Command Injection
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
CVSS 9.8
Rejected
Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.
by taiphung217, Takahiro Yokoyama
By Source