115 matches found
CVE-2024-5466
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to authenticated remote code execution in the deploy agent option...
CVE-2024-2162 Authenticated Remote Code Execution in Kiloview NDI N series products
An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227...
CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution
LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When th...
CVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function...
CVE-2023-51066
An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands...
PT-2024-14045 · Qstar · Qstar Archive Solutions
Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions version RELEASE 3-0 Build 7 Patch 0 Description: The issue is an authenticated remote code execution vulnerability that allows attackers to arbitrarily execute commands. Recommendations: For QStar Archive Solutions...
Information disclosure
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn't...
CVE-2023-43661 Cachet vulnerable to Authenticated Remote Code Execution
Cachet is an open-source status page system. Prior to the 2.4 branch, a template feature that lets users create templates allows them to execute any code on the server due to bad filtration and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...
CVE-2023-45354
Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. This is also known as OCMP-6589...
PT-2023-27792 · Unknown · Tef Portal
Name of the Vulnerable Software and Affected Versions: TEF portal version 2023-07-17 Description: The TEF portal is vulnerable to authenticated remote code execution. Recommendations: For TEF portal version 2023-07-17, at the moment, there is no information about a newer version that contains a f...
Icinga Web 2.10 Remote Code Execution
#!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Authenticated Remote Code Execution Date: 8/07/2023 Exploit Author: Dante Corona (Aka. cxdxnt) Software Link: https://github.com/Icinga/icingaweb2 Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version:...
Icinga Web 2.10 - Authenticated Remote Code Execution Exploit
#!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Authenticated Remote Code Execution Exploit Author: Dante Corona (Aka. cxdxnt) Software Link: https://github.com/Icinga/icingaweb2 Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2....
Milesight UR32L Buffer Error Vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L firewallhandlerset function due to incorrect boundary checking. An authenticated, remote attacker could use this vulnerability to...
POS Codekop 2.0 Shell Upload
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution (RCE) Date: 25-05-2023 Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The...
H3C Magic R300 Buffer Error Vulnerability
The H3C Magic R300 is a wireless router from China's Xinhua San H3C. The H3C Magic R300 suffers from a stack overflow vulnerability caused by a failure to properly bounds check the SetMobileAPInfoById interface on /goform/aspForm. An authenticated, remote attacker could exploit this vulnerability...
CVE-2023-30789
MonicaHQ 4.0.0 is vulnerable to an authenticated remote code execution issue via CSTI in the people:id/work endpoint, using the job and company parameters. The root cause is tied to how the endpoint processes these parameters, enabling malicious code execution in the application. No exploitation d...
QNAP QuTS hero Multiple Vulnerabilities (QSA-23-02, QSA-23-06, QSA-23-10, QSA-23-11, QSA-23-15)
QNAP QuTS hero is prone to multiple vulnerabilities.
D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution
Exploit Title: D-Link DNR-322L Exploit Writeup: https://lukasec.ch/posts/dlinkdnr322.html Vendor Homepage: https://dlink.com Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10305 Software Link: http://legacyfiles.us.dlink.com/DNR-322L/REVA/FIRMWARE...
CVE-2023-1168
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switc...
CVE-2022-43545
A vulnerability has been identified in POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions...