882 matches found

NVD
added 2023/02/08 7:15 p.m. · 10 views

CVE-2023-25152

Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...

8.8 CVSS · 8.9 AI score · 0.00809 EPSS
Exploits 0 · References 2
Cvelist
added 2023/02/08 6:52 p.m. · 22 views

CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings

Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...

8.4 CVSS · 8.8 AI score · 0.00809 EPSS
Exploits 0 · References 2
OSV
added 2023/02/08 6:52 p.m. · 19 views

CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings

Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...

8.4 CVSS · 8.6 AI score · 0.00809 EPSS
Exploits 0 · References 4
OSV
added 2023/01/26 9:18 p.m. · 2 views

CVE-2023-24508

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods...

9.6 CVSS · 7.4 AI score · 0.00451 EPSS
Exploits 0 · References 2
NVD
added 2023/01/26 9:18 p.m. · 14 views

CVE-2023-24508

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods...

9.6 CVSS · 9.2 AI score · 0.00451 EPSS
Exploits 0 · References 2
Prion
added 2023/01/26 9:18 p.m. · 16 views

Command injection

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have...

6.8 CVSS · 9.6 AI score · 0.00451 EPSS
Exploits 0 · References 2 · Affected Software 2
CVE
added 2023/01/24 10:32 p.m. · 56 views

CVE-2023-24508

CVE-2023-24508 affects Baicells Nova 227, Nova 233, Nova 243 (and Nova 246) LTE TDD eNodeB devices with RTS/RTD 3.6.6. The vulnerability allows remote code execution via HTTP command injections, with commands executed in pre-login context and at root privilege level. Technical details in the conn...

9.6 CVSS · 9.2 AI score · 0.00451 EPSS
Exploits 0 · References 2 · Affected Software 2
Packet Storm
added 2022/11/21 12:00 a.m. · 602 views

Roxy Fileman 1.4.6 Remote Shell Upload

Exploit Title: Roxy Fileman · Vendor Homepage: roxyfileman.com · Software Link: https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php · Version: ...

9.8 CVSS · 9.7 AI score · 0.12646 EPSS
Exploits 3
OSV
added 2022/11/06 5:15 p.m. · 7 views

CVE-2022-44544

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...

9.8 CVSS · 6.9 AI score
Exploits 0 · References 2
NVD
added 2022/11/06 5:15 p.m. · 8 views

CVE-2022-44544

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...

9.8 CVSS · 0.00544 EPSS
Exploits 0 · References 2
Prion
added 2022/11/06 5:15 p.m. · 13 views

Design/Logic Flaw

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...

7.5 CVSS · 9.3 AI score · 0.00544 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/11/06 12:00 a.m. · 6 views

CVE-2022-44544

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...

9.4 AI score · 0.00544 EPSS
Exploits 0 · References 2
CVE
added 2022/11/06 12:00 a.m. · 78 views

CVE-2022-44544

CVE-2022-44544 affects Mahara versions: 21.04 up to 21.04.7, 21.10 up to 21.10.5, 22.04 up to 22.04.3, and 22.10 up to 22.10.0. The vulnerability stems from the PDF export function lacking sufficient protection, potentially allowing a remote shell if Ghostscript runs on Ubuntu without -dSAFER. Af...

9.8 CVSS · 9.4 AI score · 0.00544 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/11/06 12:00 a.m. · 12 views

CVE-2022-44544

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...

9.7 AI score · 0.00544 EPSS
Exploits 0 · References 2
The Hacker News
added 2022/10/20 8:39 a.m. · 21 views

New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft

The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable...

1.8 AI score
Exploits 0
IBM Security Bulletins
added 2022/09/26 5:45 a.m. · 19 views

Security Bulletin: IBM QRadar SIEM can be affected by a command injection vulnerability (CVE-2013-2970)

Abstract: A vulnerability has been discovered within the IBM QRadar Security Information and Event Manager (SIEM) software that allows an authenticated user to execute limited operating system commands on the QRadar device and gain limited remote shell access. Content: VULNERABILITY DETAILS:...

6.5 CVSS · 6.8 AI score · 0.01246 EPSS
Exploits 0 · Affected Software 1
OSV
added 2022/09/23 4:15 p.m. · 1 views

CVE-2022-2070

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2022/09/23 12:00 a.m. · 2 views

Grandstream GSD3710 Buffer Error Vulnerability

The Grandstream GSD3710 is an HD video access control system from Grandstream. A security vulnerability exists in the Grandstream GSD3710 version 1.0.11.13, which originates from not checking the length of parameters before using the strcopy command, and can be exploited by an attacker to create ...

9.8 CVSS · 8.4 AI score · 0.11321 EPSS
Exploits 1 · References 4
Positive Technologies
added 2022/08/25 12:00 a.m. · 2 views

PT-2022-23268 · Unknown · Siteserver Cms

Name of the Vulnerable Software and Affected Versions: SiteServerCMS versions 5.X Description: The issue is related to a Remote-download-Getshell-vulnerability. This vulnerability can be exploited via the "/SiteServer/Ajax/ajaxOtherService.aspx" API endpoint. Recommendations: For SiteServerCMS...

7.2 CVSS · 6.8 AI score · 0.0041 EPSS
Exploits 1 · References 5
CNNVD
added 2022/08/25 12:00 a.m. · 1 views

SiteServerCMS Security Vulnerability

SSCMS SiteServerCMS SSCMS is an open source, cross-platform, enterprise-level content management system from China's SSCMS Corporation. A security vulnerability exists in SiteServerCMS version 5.X. The vulnerability stems from a remote download Getshell vulnerability via...

7.2 CVSS · 5.6 AI score · 0.0041 EPSS
Exploits 1 · References 4