208 matches found
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Recent...
CVE-2023-25266
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code...
HackerOne: [CVE-2022-44268] Arbitrary Remote Leak via ImageMagick
A Local File Inclusion vulnerability was discovered in an outdated version of ImageMagick used for image resizing on a website. An attacker could exploit this vulnerability by uploading a malicious PNG image, which would include the local file as content of the resized image in a hexadecimal...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
SpringAllReachable A graphical tool for rapid exploitati...
Heap overflow
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could...
CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
CVE-2021-35978
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker with knowledge of the protocol to execute arbitrary code on the controller including overwriting firmware, adding/removing...
CVE-2021-20023
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host...
CVE-2021-3258
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting XSS, which may lead to arbitrary remote code execution...
Remote code execution
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
BugPoC: XSS PoC for the wacky.buggywebsite.com challenge
Summary: https://wacky.buggywebsite.com/frame.html is vulnerable to DOM-based XSS. Steps To Reproduce: 1. Navigate to https://oembed.dev.ipwnedyour.net/wacky.buggywebsite.com.xss.html 1. Verify the document's origin is displayed in an alert box. PoC code details: The PoC page at...
telnet security update
1:0.17-65 - Resolves: 1814475 - Arbitrary remote code execution in utility.c via short writes or urgent data...
telnet security update
1:0.17-49 - Resolves: 1814775 - Arbitrary remote code execution in utility.c via short writes or urgent data...
CVE-2019-18211
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...
NewStart CGSL MAIN 5.04 : libreoffice Vulnerability (NS-SA-2019-0013)
The remote NewStart CGSL host, running version MAIN 5.04, has libreoffice packages installed that are affected by a vulnerability: - A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially...
RemoteMouse 3.008 - Arbitrary Remote Command Execution
RemoteMouse 3.008 - Arbitrary Remote Command Execution Exploit Title: Remote Mouse 3.008 - Failure to Authenticate Date: 2019-09-04 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authenication and will...
RemoteMouse 3.008 - Arbitrary Remote Command Execution
Exploit Title: Remote Mouse 3.008 - Failure to Authenticate Date: 2019-09-04 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authenication and will execute any command any machine gives it This script po...
Command injection
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...
CVE-2018-14802
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution...
CVE-2018-14802
CVE-2018-14802 affects Fuji Electric FRENIC Loader family (FRENIC-Mini C1/C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace). Description: stack-based buffer overflow caused by improper validation of user-supplied comments, enabling arbitrary remote code execution. Affected product versions i...