Enable SVG, WebP & ICO Upload Security Vulnerabilities

CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available.....

Fedora 40 : vips (2024-791f8d9804)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-791f8d9804 advisory. libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to...

Doctor Appointment Management System 1.0 Cross Site Scripting

...

Fedora 40 : libfilezilla (2024-0b8ed349ad)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0b8ed349ad advisory. Patch for upload crash (FEDORA-2024-0b8ed349ad) Note that Nessus has not tested for this issue but has instead relied only on the application's...

Newsletters < 4.9.6 - Authenticated (Admin+) Arbitrary File Upload

Description The Newsletters plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the.....

WP-Lister Lite for eBay < 3.6.0 - Authenticated (Shop Manager+) Arbitrary File Upload

Description The WP-Lister Lite for eBay plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 3.6.0 (exclusive). This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files.....

Doctor Appointment Management System 1.0 Cross Site Scripting Vulnerability

...

Fedora 40 : baresip / libre (2024-a63e807450)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-a63e807450 advisory. Baresip v3.10.1 (2024-03-12) Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process...

Contest Gallery < 21.3.5 - Authenticated (Author+) Arbitrary File Deletion

Description The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 21.3.4. This.....

Fedora 40 : rubygem-loofah (2023-1bbea3700b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1bbea3700b advisory. Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah &gt;= 2.2.0, &lt;...

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

CVE-2024-33438

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar...

RHEL 9 : Red Hat OpenStack Platform 17.0 (python-flask) (RHSA-2023:3440)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3440 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form ...

RHEL 8 : Red Hat OpenStack Platform 16.2 (python-flask) (RHSA-2023:3444)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3444 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form ...

RHEL 8 : Satellite 6.13.5 Async Security Update (Important) (RHSA-2023:5931)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5931 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : Red Hat OpenStack Platform 16.1 (python-flask) (RHSA-2023:3446)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3446 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form ...

RHEL 7 / 8 : Satellite 6.11 Release (Moderate) (RHSA-2022:5498)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5498 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...

Exploit for Path Traversal in Aiohttp

poc-cve-2024-23334 This repository contains a proof of...

Exploit for CVE-2024-27956

CVE-2024-27956 Note Build wordpress: docker-compose -f...

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.19 (RHSA-2018:0271)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0271 advisory. artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174) tomcat: Remote Code Execution bypass for CVE-2017-12615...

Metasploit Weekly Wrap-Up 04/26/24

Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...

CVE-2024-32880

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of...

CVE-2024-32880

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of...

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of...

Remote Code Execution

uvdesk/core-framework is vulnerable to Remote Code Execution. This vulnerability is due to insufficient input validation, allowing attackers to upload malicious files which result in Remote Code...

CVE-2024-3962

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...

CVE-2024-3962

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...

CVE-2024-3962

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...

Unrestricted Upload Of File With Dangerous Type

thinkcmf/thinkcmf vulnerable to Unrestricted Upload of File with Dangerous Type. The vulnerability is due to insufficient validation of file extensions during the upload process in UeditorController.php. This flaw allows an attacker to execute arbitrary code via uploaded malicious...

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to....

CVE-2024-33668

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access...

CVE-2024-33668

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access...

CVE-2024-33668

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access...

CVE-2024-33668

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access...

CVE-2024-0916

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through...

CVE-2024-0916

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through...

CVE-2024-0916

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through...

CVE-2024-0916 Unauthenticated Remote Code Execution in UvDesk Community

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through...

CVE-2024-31610

File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted...

CVE-2024-31610

File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted...

CVE-2024-31615

ThinkCMF 6.0.9 is vulnerable to File upload via...

CVE-2024-31615

ThinkCMF 6.0.9 is vulnerable to File upload via...

CVE-2024-3508

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be...

CVE-2024-3508

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be...

CVE-2024-3508 Bzip2: compressed content bomb leads to denial of service of bombastic api

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be...

CVE-2024-3508 Bzip2: compressed content bomb leads to denial of service of bombastic api

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be...

CVE-2024-25624

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability.....

CVE-2024-25624

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability.....

DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server

This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL.....