The exploit allows an attacker to execute remote code in FoxCMS v.1.2.5. By sending a specially crafted payload to the target, an attacker can run arbitrary commands on the system. This vulnerability is identified as CVE-2025-29306.
Unauthenticated remote code execution vulnerability in Chamilo LMS version 1.11.24 (Beersel) allows attackers to upload files without restrictions, leading to remote code execution.
The exploit allows an attacker to execute arbitrary JavaScript code in PDF.js in Firefox ESR version 115.11. By manipulating a crafted PDF file, an attacker can trigger this vulnerability. This exploit is identified as CVE-2024-4367.
An exploit in Artica Proxy 4.50 allows remote attackers to execute arbitrary code by uploading a malicious file. This vulnerability is identified as CVE-2024-2054.
The exploit allows an attacker to achieve Remote Code Execution (RCE) on Pymatgen 2024.1 by crafting a malicious CIF file with a reverse shell payload. By triggering the Pymatgen CIF parser to parse this file, an attacker can execute arbitrary commands on the target system.
An attacker can exploit GetSimpleCMS version 3.3.16 by creating a malicious .phar file that contains a PHP script allowing the execution of arbitrary commands. By uploading this file through a vulnerable upload functionality, the attacker can trigger the execution of the injected code remotely, leading to a remote code execution vulnerability. This vulnerability is identified as CVE-2021-28976.
The exploit involves injecting {{7*7}} in the search parameter of Loaded Commerce 6.6, resulting in a template injection vulnerability. Similarly, submitting {{constructor.constructor('alert(1)')()}} in the email field on the 'Forgot Password' page triggers client-side code execution.
The Rejetto HTTP File Server version 2.3m is vulnerable to remote code execution, allowing attackers to execute arbitrary code on the server. This vulnerability has been assigned the CVE-2024-23692.
The exploit allows remote attackers to execute arbitrary code on the target system. The vulnerability exists in XWiki Standard 14.10. By sending a malicious payload, an attacker can execute commands on the system.
The Hugging Face Transformers MobileViTV2 version 4.41.1 is vulnerable to Remote Code Execution (RCE) through a maliciously crafted YAML configuration file. By deserializing this configuration file using the convert_mlcvnets_to_pytorch.py script, an attacker can execute arbitrary code on the target system. This exploit has been assigned the CVE-2024-11392.
Services By CQR