Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2024/09/02 8:9 a.m.19 views

OPENSUSE-SU-2024:0274-1 Security update for cacti, cacti-spine

This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using using older password hashes boo1224240 CVE-2024-25641: RCE vulnerability when importing packages boo1224229 CVE-2024-31459: RCE vulnerability when plugins include files...

9.1CVSS7.9AI score0.8819EPSS
Exploits26References21
Rapid7 Blog
Rapid7 Blogadded 2024/06/14 7:9 p.m.46 views

Metasploit Weekly Wrap-Up 06/14/2024

New module content 5 Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: 19242 contributed by zeroSteiner Path: scanner/http/telerikreportserverauthbypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for CVE-2024-4358...

9.9CVSS8.2AI score0.94344EPSS
Exploits54
Metasploit
Metasploitadded 2024/06/13 7:55 p.m.548 views

Cacti Import Packages RCE

This exploit module leverages an arbitrary file write vulnerability CVE-2024-25641 in Cacti versions prior to 1.2.27 to achieve RCE. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The modu...

9.1CVSS8.9AI score0.8819EPSS
Exploits17
Packet Storm
Packet Stormadded 2024/06/13 12:0 a.m.310 views

Cacti Import Packages Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti Import Packages RCE', 'Description' = %q This exploit module leverages an arbitrary file write vulnerability CVE-2024-25641 in Cacti versio...

9.1CVSS7AI score0.8819EPSS
Exploits17
0day.today
0day.todayadded 2024/06/13 12:0 a.m.511 views

Cacti Import Packages Remote Code Execution Exploit

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...

9.1CVSS8.8AI score0.8819EPSS
Exploits17
Prion
Prionadded 2024/01/10 1:15 p.m.13 views

Cross site request forgery (csrf)

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution RCE with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...

6.5CVSS7.8AI score0.00638EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder