BIQS IT Biqs-drive v1.83 Local File Inclusion

A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...

Studio-42 elFinder <2.1.60 - Arbitrary File Upload

Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code. id: CVE-2021-43421 info: name: Studio-42 elFinder 2.1.60 - Arbitrary File Upload author: akincibor severity:...

Atmail 6.5.0 - Cross-Site Scripting

Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter. id: CVE-2021-43574 info: name: Atmail 6.5.0 - Cross-Site Scripting...

WordPress Workreap - Remote Code Execution

WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to th...

XStream 1.4.18 - Remote Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

WordPress DZS Zoomsounds <=6.50 - Local File Inclusion

WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter. id: CVE-2021-39316 info: name: WordPress DZS Zoomsounds =6.51 to fix t...

Apache Solr <=8.8.1 - Server-Side Request Forgery

Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on anothe...

Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remot...

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...

Member Hero <=1.0.9 - Remote Code Execution

WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware,...

WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution

WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code executio...

WordPress WooCommerce <3.1.2 - Arbitrary Function Call

WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary...

Microweber <1.2.12 - Integer Overflow

Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request. id: CVE-2022-0968 info: name: Microweber 1.2.12 - Integer...

LearnPress < 4.2.5.8 - Remote Code Execution

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. id: CVE-2023-43187 info: name: NodeBB XML-RPC Request xmlrpc.php - XML Injection author: 0xParth...

WordPress Elementor 3.18.1 - File Upload/Remote Code Execution

The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server. id: CVE-2023-48777 info: name: WordPress Elementor 3.18.1 - File...

MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP cod...

JetBrains TeamCity > 2023.11.3 - Authentication Bypass

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible id: CVE-2024-23917 info: name: JetBrains TeamCity 2023.11.3 - Authentication Bypass author: iamnoooob,rootxharsh,pdresearch severity: critical description: | In JetBrains TeamCity before 2023.11.3...

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...