CVE-2024-7435

The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...

Microsoft SQL Server SQL Injection Escalate Execute AS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate Execute AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has...

Oracle DB SQL Injection Via SYS.LT.REMOVEWORKSPACE

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE', 'Description' = %q This module exploits a sql injection flaw in the REMOVEWORKSPACE procedur...

CVE-2024-44682

ShopXO 6.2 is vulnerable to Cross Site Scripting XSS in the backend that allows attackers to execute code by changing POST parameters...

CVE-2024-44916

This CVE affects SeaCMS Seacms v13.1, specifically the admin_ip.php page. When action=set is used, an attacker can control IP parameters written to data/admin/ip.php, enabling arbitrary command execution. The vulnerability is evidenced across multiple sources (NVD/Red Hat/CNNVD) with CVSSv3.1 bas...

Tenda O6 fromSafeSetMacFilter function buffer overflow vulnerability

Tenda O6 is a wireless bridge from Tenda, China. A buffer overflow vulnerability exists in Tenda O6 version 1.0.0.7, which originates from the parameter mark/type/time in the fromSafeSetMacFilter function of file /goform/setMacFilterList failing to correctly validate the length of the input data,...

CVE-2024-43804 OS Command Injection via Port Scan Functionality in Roxy-WI

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. User-supplied input is used withou...

CVE-2024-43804 OS Command Injection via Port Scan Functionality in Roxy-WI

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. User-supplied input is used withou...

CVE-2024-5622 Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL

An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL = R 4.2.-07P3 and = R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges...

CVE-2024-20411

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An...

CVE-2024-6449

HyperView Geoportal Toolkit (versions

CVE-2024-8030

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitwishlist cookie in versions up to , and...

ROS-20240827-09

A vulnerability in GLPI's computer hardware requisition, incident, and inventory system is related to external file name or path control. Exploitation of the vulnerability could allow an attacker acting remotely, to upload a malicious PHP script and hijack the plugin loader to execute that...

CVE-2024-36068

An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code...

CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

CVE-2024-41176

CVE-2024-41176 affects Beckhoff: TwinCAT/BSD MPD package. An authenticated, low-privileged local attacker can cause a DoS in the daemon and execute code in the root context via a crafted HTTP request. Documented impact is local, with potential for full system compromise; exploitation status is no...

Malicious code in pitest115 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eafda224bcd5572ef89818a64323563992432421a36cdec585dee3dc0a04469c Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

CVE-2024-45187

CVE-2024-45187 describes an incorrect privilege assignment in Mage AI: guest users who remain logged in after account deletion are granted high privileges and can remotely execute arbitrary code via the Mage AI terminal server. The incident is caused by deleted accounts still having active privil...

Dell Client BIOS Improper Input validation (DSA-2024-260)

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution. Note that Nessus has not tested for this issue but has instead relied only on t...

CVE-2024-42770

A Stored Cross Site Scripting XSS vulnerability was found in "/core/signupuser.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "useremail" parameter...