1764 matches found
CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...
PT-2024-13531 · WordPress · Newsletters
Name of the Vulnerable Software and Affected Versions: The Newsletters WordPress plugin versions prior to 4.9.3 Description: The issue arises from the plugin's failure to properly escape user-controlled parameters when they are appended to SQL queries and shell commands. This could enable an...
WordPress plugin Newsletters security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability in the WordPress plugin...
CVE-2023-46454
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...
CVE-2023-46456
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604 Exploit for CVE-2023-46604 This tool helps...
Exploit for OS Command Injection in Gl-Inet Gl-Ar300M_Firmware
GL.iNet Multiple Vulnerabilities This repository contains the...
Authentication flaw
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled UDR-A any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...
Run Shell Command allows Cross-Site Request Forgery
Impact A cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack are comments. When the...
CVE-2023-48292
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...
Admin Tools Application Cross-Site Request Forgery Vulnerability
Admin Tools Application is an open source advanced administration tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions 4.4 through 4.5.1, which can be exploited to allow an attacker to execute arbitrary shell commands by...
Fedora 39 : pypy3.10 (2023-ddde191e04)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ddde191e04 advisory. Automatic update for pypy3.10-7.3.12-1.3.10.fc39. Changelog Wed Jul 26 2023 Miro Hronok - 7.3.12-1.3.10 - Initial PyPy 3.10 package Wed Jul 26 2023...
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath...
Apache ActiveMQ Deserialization Vulnerability
Apache ActiveMQ is the United States Apache Apache Foundation of a set of open source messaging middleware , which supports Java messaging services , clustering , Spring Framework and so on. Apache ActiveMQ there is a deserialization vulnerability , the vulnerability stems from the application in...
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
Restricted vim sandbox escape
Description Restricted vim doesn't allow executing shell commands but it's possible to bypass this by setting GCONVPATH environment variable. I'm not sure if this can be consider a vulnerability but I decided to report it anyway found this while playing TeamItaly CTF . Proof of Concept Save this...
Command injection
A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...
CVE-2023-45208
A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...
CVE-2023-43072
Dell SmartFabric Storage Software v1.4 and earlier contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands...