1464 matches found
CVE-2024-3500 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets
The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...
Better Elementor Addons < 1.4.2 - Authenticated (Contributor+) Local File Inclusion
Description: The Better Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowi...
PT-2024-30276 · Hubbank · Hubbank
Name of the Vulnerable Software and Affected Versions: HubBank version 1.0.2 Description: The issue allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution. This is a critical unrestricted file upload vulnerability. Recommendations: For...
CVE-2024-29368
An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content...
Easy Social Share Buttons < 9.5 - Authenticated (Subscriber+) Local File Inclusion
Description: The Easy Social Share Buttons for WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the...
VulnCheck KEV: CVE-2024-29988
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file...
The vulnerability of the _libcap_strdup() function in the Libcap library allows a hacker to execute arbitrary PHP files on the server.
The vulnerability of the _libcap_strdup() function in the Libcap library is related to overflow if the input string is close to 4 GiB in size. Exploiting this vulnerability could allow an attacker to execute arbitrary PHP files on the server...
PT-2024-18666 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.6 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the...
WordPress Plugin The Plus Addons for Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-39933
CVE-2023-39933 affects A.K.I Software PMailServer/PMailServer2, specifically the Broadcast Mail CGI (pmc.exe). The vulnerability is described as Insufficient verification, enabling an attacker who can upload files through the product to execute an arbitrary executable with the web server’s privil...
Design/Logic Flaw
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...
CVE-2024-28222
CVE-2024-28222 affects Veritas NetBackup prior to 8.1.2 and NetBackup Appliance prior to 3.1.2. The BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. Impact: high confidentiality, integrity, and availability r...
CVE-2024-22514
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file...
CVE-2024-0844
The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute...
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. "Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Tren...
fontTools Code Issue Vulnerability
fontTools is a library written in Python for manipulating fonts. A code issue vulnerability exists in fontTools versions prior to 4.43.0. An attacker can exploit this vulnerability to run arbitrary files from fontTools' filesystem...
CVE-2023-38622
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the intege...