D-Link Central WiFiManager FTP Server is vulnerable to an unauthenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system.

CMS Made Simple is vulnerable to an authenticated php command injection, allowing attackers to execute arbitrary php code in the system.

Advantech WebAccess Node is vulnerable to an unauthenticated remote file inclusion, allowing attackers to execute arbitrary code in the system.

WordPress is prone to an abuse in the Lost Password recovery action. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via an injection crafted in HTTP_HOST request property. The attack will not leave any trace. This exploit installs an OS Agent.

This module uses an OS Command Injection vulnerability to gain arbitrary code execution on the affected system.

RESTful Web Services Module does not properly sanitize data from non-form sources. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution.

The 'recentVersion' parameter from the snserv endpoint is vulnerable to OS Command Injection when check and execute update operations are performed. This module exploits this vulneravility to install an agent

Tp-link EAP Controller does not handle privilege management correctly so a non privileged user can execute privileged actions. This module will try to change the device's settings and enable ssh in order to take control of the managed Access Points.

CMS Made Simple is vulnerable to an authenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system.

This module uses a OS Command Injection vulnerability present in Cisco UCS Manager ping function to gain arbitrary code execution on the affected system.