10 matches found
EUVD-2024-15878
Malicious code in bioql PyPI...
Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution', 'Description' = %q This module exploits a flaw 0 day in DBMS_JVM_EXP_PERMS package that allo...
CVE-2023-31037
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS...
Code injection
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS...
CVE-2023-45352
Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This...
OS Command Injection in sztheory/exifcleaner
✍️ Description Command Injection using XSS via EXIF Data. The application displays the image metadata in HTML format without removing malicious tags, therefore an XSS attack can be performed. bash exiftool -Comment='OverJT' MYIMAGE.png Being an application made in electron, it allows to easily...
Jenkins 1.626 - Cross Site Request Forgery / Code Execution
Title: Jenkins 1.626 - Cross Site Request Forgery / Code Execution Date: 27.08.15 Affected versions: = 1.626 current Vendor: jenkins-ci.org Contact: smash at devilteam.pl Cross site request forgery vulnerability in Jenkins 1.626 allows remote attackers to hijack the authentication of users for mo...
Jenkins 1.626 - Cross Site Request Forgery / Code Execution Vulnerabilities
Cross site request forgery vulnerability in Jenkins 1.626 allows remote attackers to hijack the authentication of users for most requests. Using CSRF it is able to change specific settings or even execute code on os. Title: Jenkins 1.626 - Cross Site Request Forgery / Code Execution Date: 27.08.15...
WordPress Plugin 'ezpz-one-click-backup' 'cmd' Parameter OS Code Execution Vulnerability
The ezpz-one-click-backup plugin for WordPress is prone to a remote code execution RCE vulnerability because it fails to properly validate user supplied input. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution
This module exploits a flaw 0 day in DBMS_JVM_EXP_PERMS package that allows any user with create session privilege to grant themselves java IO privileges. Identified by David Litchfield. Works on 11g R1 and R2 Windows only. This module requires Metasploit: https://metasploit.com/download Current...