162 matches found
CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
Privilege escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
CVE-2021-37942 APM Java Agent Local Privilege Escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
PT-2023-12332 · Unknown · Apm Java Agent
Name of the Vulnerable Software and Affected Versions: APM Java agent affected versions not specified Description: A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By usin...
Remote code execution
Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is...
CVE-2023-36821 Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is...
PT-2023-25713 · Unknown +1 · Uptime Kuma +1
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.22.1 Description: The issue allows an authenticated attacker to install a maliciously crafted plugin, potentially leading to remote code execution. Uptime Kuma permits authenticated users to install plugins fro...
CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. Recent assessments: noraj at March 24, 2023 9:21am UTC reported: There are at least two ways to achieve RCE. Vector n°1 It leaks the MySQL credentials, in default a...
GHSA-G8HP-RC67-JF96 Path Traversal in Liferay Portal
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...
Path Traversal in Liferay Portal
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...
Design/Logic Flaw
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...
Design/Logic Flaw
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...
CVE-2022-42123
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...
CVE-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...
CVE-2022-42123
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...
PT-2022-26271 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.5 through 7.4.3.35 Liferay DXP 7.4 update 1 through update 34 Description: The issue allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. This ...
Liferay Portal和Liferay DXP 路径遍历漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
CVE-2022-31123 Grafana plugin signature bypass vulnerability
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
CVE-2022-28223
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin...
Apple macOS Big Sur 访问控制错误漏洞
Apple macOS Big Sur is a mobile application app from Apple USA. An Access Control Error vulnerability exists in Apple macOS Big Sur prior to version 11.6.5, which stems from improper access restrictions in QuickTime Player on the system. An attacker can write a malicious plugin to exploit the...