2494 matches found

CVE
added 2024/09/15 1:0 a.m. | 50 views

CVE-2024-8865

CVE-2024-8865 affects Composio up to version 0.5.8. The vulnerability is a path traversal in the file parameter, specifically in the function path of composio/server/api.py. The root cause is manipulation of the argument file, which can lead to unauthorized file access. The exploit has been discl...

5.1 CVSS | 4 AI score | 0.00863 EPSS
Exploits 1 | References 4 | Affected Software 1

Metasploit
added 2024/09/13 6:53 p.m. | 255 views

update-motd.d Persistence

This module will add a script in /etc/update-motd.d/ in order to persist a payload. The payload will be executed with root privileges every time a user logs in. Module Options msf use exploit/linux/local/motdpersistence msf exploitmotdpersistence show targets ...targets... msf exploitmotdpersisten...

6.9 AI score
Exploits 0

Vulnrichment
added 2024/09/11 11:31 p.m. | 14 views

CVE-2024-8706 JFinalCMS com.cms.util.TemplateUtils update path traversal

A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to...

5.3 CVSS | 6.9 AI score | 0.00749 EPSS
Exploits 1 | References 5

NVD
added 2024/09/10 8:15 p.m. | 13 views

CVE-2024-8655

A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to...

6.9 CVSS | 0.00455 EPSS
Exploits 0 | References 3

Vulnrichment
added 2024/09/10 2:37 p.m. | 27 views

CVE-2024-21753

An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or...

5.5 CVSS | 6.9 AI score | 0.00741 EPSS
Exploits 0 | References 1

NVD
added 2024/09/10 9:15 a.m. | 17 views

CVE-2024-43387

A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAILRELAYPASSWORD in mGuard devices...

8.8 CVSS | 0.00565 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/09/10 8:49 a.m. | 12 views

CVE-2024-39581

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files...

7.3 CVSS | 7.4 AI score | 0.00398 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/09/08 8:31 p.m. | 20 views

CVE-2024-8580 TOTOLINK AC1200 T8 shadow.sample hard-coded password

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather...

9.2 CVSS | 6.9 AI score | 0.01332 EPSS
Exploits 1 | References 5

Cvelist
added 2024/09/08 6:31 a.m. | 35 views

CVE-2024-8570 itsourcecode Tailoring Management System inccatadd.php sql injection

A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit ha...

6.5 CVSS | 0.00576 EPSS
Exploits 1 | References 5

CVE
added 2024/09/07 1:31 p.m. | 48 views

CVE-2024-8554

CVE-2024-8554 affects SourceCodester Clinics Patient Management System 2.0. The vulnerable component is the /users.php file, where manipulating the message parameter yields cross-site scripting. The issue enables remote exploitation and the exploit has been disclosed publicly. Public-facing explo...

5.4 CVSS | 4 AI score | 0.00461 EPSS
Exploits 1 | References 5 | Affected Software 1

The Hacker News
added 2024/09/05 5:3 a.m. | 14 views

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of...

7.5 AI score
Exploits 0

NVD
added 2024/09/04 10:15 p.m. | 14 views

CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1 CVSS | 0.00318 EPSS
Exploits 0 | References 2

CVE
added 2024/09/03 7:7 p.m. | 319 views

CVE-2024-45310

CVE-2024-45310 affects runc 1.1.13 and earlier and 1.2.0-rc2 and earlier, where sharing a volume between two containers can trigger a race with os.MkdirAll to create empty files or directories in arbitrary host paths. An attacker must be able to start containers with a custom volume configuration...

3.6 CVSS | 3.6 AI score | 0.00317 EPSS
Exploits 0 | References 7 | Affected Software 1

CVE
added 2024/09/02 4:0 p.m. | 52 views

CVE-2020-36830

The CVE-2020-36830 entry concerns the nescalante urlregex project (Backtracking component, index.js) with a Regular Expression Denial of Service (ReDoS) risk due to inefficient backtracking in the 0.5.0 release. Exploitation is reported to be remote, and public disclosure is noted across sources....

7.5 CVSS | 6 AI score | 0.00795 EPSS
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2024/08/30 3:0 p.m. | 23 views

CVE-2024-8341 SourceCodester Petshop Management System add_user.php unrestricted upload

A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/adduser.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit h...

6.5 CVSS | 0.00721 EPSS
Exploits 1 | References 5

OSV
added 2024/08/30 11:15 a.m. | 11 views

CVE-2024-8331

A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit ha...

9.8 CVSS | 7.3 AI score
Exploits 0 | References 4

OSV
added 2024/08/29 4:15 p.m. | 3 views

CVE-2024-43955

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 1

NVD
added 2024/08/29 4:15 p.m. | 21 views

CVE-2024-43955

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1...

10 CVSS | 0.00604 EPSS
Exploits 0 | References 1

Cvelist
added 2024/08/29 3:19 p.m. | 25 views

CVE-2024-43955 WordPress Droip plugin <= 1.1.1 - Unauthenticated Arbitrary File Download/Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1...

10 CVSS | 0.00604 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/08/29 2:31 p.m. | 14 views

CVE-2024-8304 jpress Template Module edit path traversal

A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The...

5.8 CVSS | 4.9 AI score | 0.00556 EPSS
Exploits 1 | References 4