887 matches found

Packet Storm
added 2021/06/23 12:0 a.m. · 625 views

F5 BIG-IQ VE 8.0.0-2923215 Remote Root

F5 BIG-IQ VE v8.0.0-2923215 Post-auth Remote Root RCE CVE-2021-23024 ======= Details ======= It was possible to execute commands with root privileges as an authenticated privileged user via command injection in easy-setup-test-connection. There are two blind command injection bugs in Test DNS...

7.1 AI score · 0.0489 EPSS
Exploits: 3

0day.today
added 2021/06/23 12:0 a.m. · 85 views

Cisco Modeling Labs 2.1.1-b19 Remote Command Execution Exploit

Cisco Modeling Labs 2.1.1-b19 Post-Auth RCE Vulnerability CVE-2021-1531 ======= Details ======= Authenticated command injection in the web portal via the X-Original-File-Name header. Tested with portal 'admin' user who does not have a system login or SSH access, but likely works for any user who...

8.8 CVSS · 0.2 AI score · 0.12483 EPSS
Exploits: 3

Packet Storm
added 2021/06/23 12:0 a.m. · 272 views

Cisco Modeling Labs 2.1.1-b19 Remote Command Execution

Cisco Modeling Labs 2.1.1-b19 Post-Auth RCE Vulnerability CVE-2021-1531 ======= Details ======= Authenticated command injection in the web portal via the X-Original-File-Name header. Tested with portal 'admin' user who does not have a system login or SSH access, but likely works for any user who...

9 CVSS · 0.5 AI score · 0.12483 EPSS
Exploits: 3

Cvelist
added 2021/06/02 1:5 p.m. · 14 views

CVE-2021-23895 Authorized deserialization of untrusted data in McAfee DBSec

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

9 CVSS · 8.9 AI score · 0.01214 EPSS
Exploits: 0 · References: 1

Packet Storm
added 2021/04/08 12:0 a.m. · 470 views

Backdoor.Win32.Small.n Code Execution

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/fb24c3509180f463c9deaf2ee6705062.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Small.n Vulnerability: Unauthenticated Remote Command Execution SYSTEM Description: T...

7.4 AI score
Exploits: 0

Packet Storm
added 2021/03/29 12:0 a.m. · 414 views

Backdoor.Win32.Delf.zs Code Execution

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/911e96073cfe807289366343aa8d97ac.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.zs Vulnerability: Unauthenticated Remote Command Execution Description: Backdoor...

7.4 AI score
Exploits: 0

OSV
added 2021/03/15 11:6 p.m. · 3 views

USN-4875-1 opensmtpd vulnerabilities

It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...

10 CVSS · 7.2 AI score · 0.94108 EPSS
Exploits: 40 · References: 4

OSV
added 2021/02/17 3:15 p.m. · 3 views

CVE-2021-26809

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php...

9.8 CVSS · 7.3 AI score · 0.00782 EPSS
Exploits: 1 · References: 2

NVD
added 2021/02/17 3:15 p.m. · 14 views

CVE-2021-26809

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php...

9.8 CVSS · 0.00782 EPSS
Exploits: 1 · References: 2

Cvelist
added 2021/02/17 2:32 p.m. · 11 views

CVE-2021-26809

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php...

9.7 AI score · 0.00782 EPSS
Exploits: 1 · References: 2

CVE
added 2021/02/17 2:32 p.m. · 50 views

CVE-2021-26809

CVE-2021-26809 affects PHPGurukul Car Rental Project version 2.0. The vulnerability is a remote shell upload in changeimage1.php, enabling an attacker to upload arbitrary code and potentially take control of the system. Practical impact is remote code execution with high severity. Remediation/mit...

9.8 CVSS · 9.4 AI score · 0.00782 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2021/02/17 12:0 a.m. · 3 views

PT-2021-17143 · Unknown · Phpgurukul Car Rental Project

Name of the Vulnerable Software and Affected Versions: PHPGurukul Car Rental Project version 2.0 Description: The issue is related to a remote shell upload vulnerability. This vulnerability is present in the changeimage1.php file, allowing for potential malicious activity. Recommendations: For...

9.8 CVSS · 9.4 AI score · 0.00782 EPSS
Exploits: 1 · References: 4

CNNVD
added 2021/02/17 12:0 a.m. · 2 views

Phpgurukul PHPGurukul Car Rental Project Code Issue Vulnerability

Phpgurukul PHPGurukul Car Rental Project is an application of the American company PHPGurukul Car Rental Project Phpgurukul. It provides car rental services. A code issue vulnerability exists in PHPGurukul Car Rental Project version 2.0, which stems from a remote shell upload vulnerability in...

9.8 CVSS · 7.4 AI score · 0.00782 EPSS
Exploits: 1 · References: 3

ThreatPost
added 2020/12/03 5:20 p.m. · 82 views

DeathStalker APT Spices Things Up with PowerPepper Malware

The DeathStalker advanced persistent threat (APT) group has a hot new weapon: A highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. DeathStalker offers mercenary, espionage-for-hire services targeting the financial and legal sectors, according to...

7.8 AI score
Exploits: 0 · References: 5

OSV
added 2020/11/29 1:15 a.m. · 0 views

CVE-2020-29379

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access...

5.5 CVSS · 6.1 AI score
Exploits: 0 · References: 1

CNNVD
added 2020/11/16 12:0 a.m. · 3 views

Code Projects Artworks Gallery Code Issues Vulnerabilities

Code Projects Artworks Gallery is an online artwork management builder system organized by Code Projects. A security vulnerability exists in Artworks Gallery version 1.0 that stems from multiple remote shell upload vulnerabilities...

9 CVSS · 7.4 AI score · 0.11784 EPSS
Exploits: 3 · References: 5

Veracode
added 2020/10/16 6:5 a.m. · 6 views

Malicious Package

plutov-slack-client is a malicious package. The package opens a shell to a remote server when installed...

2.4 AI score
Exploits: 0

CNVD
added 2020/07/17 12:0 a.m. · 1 views

Command Execution Vulnerability in SSH of UPS Management Module at VitiTech Ltd.

VitiTech is an uninterruptible power supply, automation control equipment and industrial battery company. A command execution vulnerability exists in SSH, the UPS management module of Verti Technologies Ltd. The vulnerability can be exploited to remotely execute system shell commands bypassing...

7.6 AI score
Exploits: 0

Kitploit
added 2020/05/25 6:30 a.m. · 92 views

AutoRDPwn v5.1 - The Shadow Attack Framework

AutoRDPwn is a post-exploitation framework created in PowerShell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability listed as a feature by Microsoft allows a remote attacker to view his victim's desktop without his consent, and even control it on...

7.4 AI score
Exploits: 0 · References: 8

Hacker One
added 2020/04/16 8:44 p.m. · 275 views

Nextcloud: Code injection possible with malformed Nextcloud Talk chat commands

Summary: The Nextcloud Talk app allows system administrators to set up chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using @exec. If...

6.5 CVSS · 0.8 AI score · 0.00716 EPSS
Exploits: 1