9 matches found
EUVD-2025-37582
The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...
CVE-2023-37582
creationtimestamp| type| source ---|---|--- 2023-07-15 10:35:02+00:00| published-proof-of-concept| https://t.me/proxybar/1626 2023-07-15 14:45:28+00:00| published-proof-of-concept| https://t.me/crackcodes/3898 2023-07-15 14:46:28+00:00| published-proof-of-concept|...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-37582EXPLOIT Apache RocketMQ Arbitrary File Write Vu...
org.apache.rocketmq:rocketmq-dashboard (=2.0.0), org.apache.rocketmq:rocketmq-test (>=5.0.0 <=5.1.1) potentially affected by CVE-2023-37582 via org.apache.rocketmq:rocketmq-namesrv (>=5.0.0 <=5.1.1)
org.apache.rocketmq:rocketmq-namesrv MAVEN version =5.0.0, =5.0.0, =5.1.1 Source cves: CVE-2023-37582 Source advisory: OSV:GHSA-GPQ8-963W-8QC9...
cn.chendahai:rocketmq-console-alarm (=1.0.3), com.webank.defibus:defibus-namesrv (>=1.0.0 <=1.0.1) +10 more potentially affected by CVE-2023-37582 via org.apache.rocketmq:rocketmq-namesrv (>=4.0.0-incubating <=4.9.6)
org.apache.rocketmq:rocketmq-namesrv MAVEN version =4.0.0-incubating, =1.0.0, =0.0.7, =1.2.0-release, =1.10.0-release, =1.9.0-release, =1.2.0-release, =1.9.0-release, =2.0.0, =4.0.0-incubating, =4.9.6 Source cves: CVE-2023-37582 Source advisory: OSV:GHSA-GPQ8-963W-8QC9...
CVE-2023-37582
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
CVE-2023-37582
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
CVE-2023-37582 Apache RocketMQ: Possible remote code execution when using the update configuration function
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
CVE-2023-37582
The CVE-2023-37582 entry concerns Apache RocketMQ’s NameServer remote code execution when addresses are exposed on the extranet and permission checks are missing. The vulnerability stems from insufficient access control in the update configuration path, enabling commands to execute as the RocketM...