171 matches found
CVE-2025-34104
An authenticated remote code execution vulnerability exists in Piwik now Matomo versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and activate a malicious plugin ZIP archive, leading to arbitrary PHP code...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via script pluginmodel.rb. An attacker can upload a crafted requirements.txt file with a malicious plugin. Remediation There is no fixed version for openc3. References - PoC - Vulnerable Code...
CVE-2023-51655
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...
CVE-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...
CVE-2021-24693
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the...
CVE-2021-29246
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory...
Exploit for Path Traversal in Igniterealtime Openfire
It is an offensive tool for Openfire. This repository contains a...
Exploit for Path Traversal in Igniterealtime Openfire
It is an exploit module for Openfire, a Jabber/XMPP server. The...
LimeSurvey 5.2.4 Shell Upload
LimeSurvey version 5.2.4 proof of concept exploit that upload a malicious PHP plugin to obtain a reverse shell...
Azure Linux 3.0 Security Update: cert-manager / helm (CVE-2024-26147)
The version of cert-manager / helm installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26147 advisory. - Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
Exploiting CVE-2024-27198-RCE Vulnerability In this project, I...
New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages
SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data...
Exploit for Unrestricted Upload of File with Dangerous Type in Limesurvey
CVE-2021-44967 Exploit Title: LimeSurvey 5.2.4 - Authen...
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of pyrage before 1.2.0 lack plugin...
GHSA-32GQ-X56H-299C age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the age CLI through an attacker-controlled recipient or identity string, or to the plugin.NewIdentity, plugin.NewIdentityWithoutData, or plugin.NewRecipient APIs. ...
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the age CLI through an attacker-controlled recipient or identity string, or to the plugin.NewIdentity, plugin.NewIdentityWithoutData, or plugin.NewRecipient APIs. ...
GHSA-4FG7-VXC8-QX5W rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or to the following age APIs when the plugin feature flag is enabled: -...
rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or to the following age APIs when the plugin feature flag is enabled: -...
Malicious plugin names, recipients, or identities can cause arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided through an attacker-controlled input to the following age APIs when the plugin feature flag is enabled: - age::plugin::Identity::fromstr or equivalently str::parse:: ...
RUSTSEC-2024-0432 Malicious plugin names, recipients, or identities can cause arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or an attacker-controlled plugin name via the -j flag. On UNIX systems, a directory...