115 matches found
CVE-2021-44664
An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in websitecode/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload filters. Attackers can manipulate the files...
CVE-2022-23375
WikiDocs version 0.1.18 contains an authenticated remote code execution vulnerability. An attacker can upload a malicious file via the image upload form through index.php, enabling remote code execution. Multiple connected sources corroborate the issue, including Red Hat and other advisories. The...
CVE-2022-23375
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php...
CVE-2021-44255
MotionEye (≤ 0.42.1) and MotionEyeOS (≤ 20200606) expose an authenticated RCE via uploading a configuration backup containing a malicious Python pickle. This allows a remote attacker to execute arbitrary code on the server when the installation is reachable over the Internet with weak/absent auth...
motionEyeOS and MotionEye-Project MotionEye Access Control Error Vulnerability
Both motionEyeOS and MotionEye-Project MotionEye are products of Calin Crisan, an individual developer. motionEyeOS is a video surveillance operating system for single-board computers. motionEye-Project MotionEye is a web-based motion front-end. An access control error vulnerability exists in...
CVE-2021-36295
Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system...
CVE-2021-40387
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution...
CVE-2021-40387
CVE-2021-40387 affects the server software in Kaseya Unitrends Backup Software before 10.5.5-2. The vulnerability enables authenticated remote code execution. Available connected documents confirm the affected product and impact but do not provide concrete exploit details, specific root cause, ...
CVE-2021-3164
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php...
Church Rota 2.6.4 Shell Upload
import requests from pwn import listen CVE-2021-3164 Church Rota version 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file. The application is written primarily with PHP so we use PHP ...
CVE-2020-17503
CVE-2020-17503 affects Barco NDN-210 (TransForm N) via a command injection in split_card_cmd.php. The vulnerability allows authenticated users to perform remote code execution over the web admin panel due to improper handling of the HTTP parameter "locking". Affected product is Barco TransForm N;...
CVE-2020-17502
Barco TransForm N before 3.8 allows Command Injection, issue 2 of 4. The NDN-210 has a web administration panel which is made available over HTTPS. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An...
CVE-2020-15867
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in th...
CVE-2020-15467
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise...
Nagios XI 5.6.12 - (export-rrd.php) Remote Code Execution Exploit
Exploit for php platform in category web applications. Exploit Title: Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution; Exploit Author: Basim Alabdullah; Vendor homepage: https://www.nagios.com; Version: 5.6.12; Software link: https://www.nagios.com/downloads/nagios-xi/; Tested on: CentOS REDH...
CVE-2020-10795
Product affected: Gira TKS-IP-Gateway 4.0.7.7. Vulnerabilities: (1) Path traversal (CNVD-2020-41719/CVE-2020-10794) could allow an attacker to download the application database; (2) Authenticated remote code execution via the backup function of the web frontend (CVE-2020-10795) with potential rem...
CVE-2020-10382
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler...
Bolt CMS 3.7.0 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications. Exploit Title: Bolt CMS 3.7.0 - Authenticated Remote Code Execution; Exploit Author: r3m0t3nu11; Vendor Homepage: https://bolt.cm/; Software Link: https://bolt.cm/; Version: up to date and 6.x; Tested on: Linux; CVE: not-yet-0day last version p0c...
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution Exploit
Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This modu...