Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...

ServiceNow UI Macros - Template Injection

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. id: CVE-2024-7399 info: name: Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution author:...

Atlassian Confluence Server - Path Traversal

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...

Drupal - Remote Code Execution

Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases. id: CVE-2019-6340 info: name: Drupal - Remote Code Execution author: madrobot severity:...

Apache Struts <=2.5.20 - Remote Code Execution

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution. id: CVE-2019-0230 info: name: Apache Struts =2.5.20 - Remote Code Execution author: geeknik severity: critical description: Apache Struts 2.0.0 ...

D-Link Routers - Remote Code Execution

D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who...

nostromo 1.9.6 - Remote Code Execution

nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function httpverify. id: CVE-2019-16278 info: name: nostromo 1.9.6 - Remote Code Execution author: pikpikcu severity: critical description: nostromo nhttpd through 1.9.6 allows an...

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An...

Cisco ASA - Local File Inclusion

Cisco Adaptive Security Appliances ASA web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will not reload, but an attacker...

vBulletin 5.0.0-5.5.4 - Remote Command Execution

vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widgetphp routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system...

Pulse Connect Secure SSL VPN Arbitrary File Read

Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access. id: CVE-2019-11510 info: name: Pulse...

Jenkins - Remote Command Injection

Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...

ListSERV Maestro <= 9.0-8 RCE

A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8. id: CVE-2010-1870 info: name: ListSERV Maestro = 9.0-8 RCE author: b0yd severity: medium description: A struts-based OGNL remote code execution vulnerability exists in ListSERV...

TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection

TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...

Atlassian Confluence - Remote Code Execution

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

Apache Druid Kafka Connect - Remote Code Execution

The vulnerability has the potential to enable a remote attacker with authentication to run any code on the system. This is due to unsafe deserialization that occurs during the configuration of the connector through the Kafka Connect REST API id: CVE-2023-25194 info: name: Apache Druid Kafka Conne...

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands id: CVE-2023-36845 info: name: Juniper J-Web - Remote Code...

Ivanti ICS - Authentication Bypass

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. id: CVE-2023-46805 info: name: Ivanti ICS - Authentication Bypass author: DhiyaneshDK,daffainfo,geeknik...