Cacti version 1.2.26 is vulnerable to authenticated remote code execution. An attacker can exploit this vulnerability to execute arbitrary code on the target system. This vulnerability is identified as CVE-2024-25641.
XWiki Platform has a critical Remote Code Execution (RCE) vulnerability that allows guest users to execute arbitrary code remotely via the SolrSearch endpoint. This can result in a complete server compromise, granting the attacker the ability to run commands on the underlying system, impacting the confidentiality, integrity, and availability of the XWiki installation. The issue has been addressed in XWiki versions 15.10.11, 16.4.1, and 16.5.0RC1.
The Angular-Base64-Upload library version 0.1.20 (all versions prior to v0.1.21) is vulnerable to Remote Code Execution (RCE). An unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the target system. This vulnerability has been assigned CVE-2024-42640 with a severity rating of Critical (CVSS 10.0).
A vulnerability in Artica Proxy 4.50 allows remote attackers to execute arbitrary code by uploading a malicious file. This vulnerability is identified as CVE-2024-2054.
The exploit allows an attacker to achieve Remote Code Execution (RCE) on Pymatgen 2024.1 by crafting a malicious CIF file with a reverse shell payload. By triggering the Pymatgen CIF parser to parse this file, an attacker can execute arbitrary commands on the target system.
CyberPanel version 2.3.6 and earlier allows remote attackers to execute arbitrary code via a crafted request to specific endpoints, leading to command injection. This vulnerability has been assigned CVE-2024-51378.
Apache HugeGraph Server version 1.2.0 and prior is vulnerable to remote code execution. By sending a crafted payload to the server, an attacker can execute arbitrary code on the target system.
An attacker can exploit GetSimpleCMS version 3.3.16 by creating a malicious .phar file that contains a PHP script allowing the execution of arbitrary commands. By uploading this file through a vulnerable upload functionality, the attacker can trigger the execution of the injected code remotely, resulting in remote code execution. This vulnerability is identified as CVE-2021-28976.
The exploit allows remote code execution in Apache Commons Text versions prior to 1.10.0 by sending a malicious payload via a POST request. This exploit uses a script interpolator to execute arbitrary commands on the target system.
The exploit allows an attacker to perform Remote Code Execution on qBittorrent version 5.0.1 and below by performing a Man-In-The-Middle (MITM) attack against the host machine. By running the Proof of Concept (PoC) exploit, the attacker can inject any malicious executable in place of the legitimate Python installer.