The Widget Connector macro in Atlassian Confluence Server allows remote attackers to achieve path traversal and remote code execution via server-side template injection.
WordPress is prone to an abuse in the Lost Password recovery action. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via an injection crafted in HTTP_HOST request property. The attack will not leave any trace. This exploit installs an OS Agent.
This module uses an OS Command Injection vulnerability to gain arbitrary code execution on the affected system.
RESTful Web Services Module does not properly sanitize data from non-form sources. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution.
The 'recentVersion' parameter from the snserv endpoint is vulnerable to OS Command Injection when check and execute update operations are performed. This module exploits this vulneravility to install an agent
This module uses a OS Command Injection vulnerability present in Cisco UCS Manager ping function to gain arbitrary code execution on the affected system.
This module uses a Privilege escalation vulnerability in QNAP Qcenter Virtual Appliance and an OS Command Injection vulnerability to gain arbitrary code execution on the affected system.
Drupal is prone to an OS command injection vulnerability that allows attackers to take advantage of an improper validation of user-supplied data in the Form API Ajax Requests.
Symantec Messaging Gateway is prone to an Authentication Bypass vulnerability that allows attackers to take advantage of an improper validation of user-supplied data in the RestoreAction.performRestore method. An attacker can leverage this vulnerability to execute arbitrary code in the context of root.
TrendMicro is prone to an abuse in the talker.php function to get authentication bypass, combined with the mod TMCSS user-supplied unvalidated input before using it to execute a system calls leads us to execute arbitrary code. This exploit installs an OS Agent.