Prion
added 2023/11/01 10:15 a.m. · 32 views

Deserialization of untrusted data

Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization...

CVSS 6.5 · AI score 8.8 · EPSS 0.01399
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2023/11/01 9:2 a.m. · 72 views

CVE-2023-1714 Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction

Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization...

CVSS 8.8 · AI score 9 · EPSS 0.01399
Exploits: 1 · References: 1
Vulnrichment
added 2023/11/01 9:2 a.m. · 25 views

CVE-2023-1714 Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction

Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization...

CVSS 8.8 · AI score 7.8 · EPSS 0.01399
Exploits: 1 · References: 1
CVE
added 2023/11/01 9:2 a.m. · 159 views

CVE-2023-1714

CVE-2023-1714 affects Bitrix24 22.0.300; the vulnerability is an unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php, enabling remote authenticated attackers to execute arbitrary code via (1) appending content to existing PHP files or (2) PHAR deserialization. Conne...

CVSS 8.8 · AI score 8.8 · EPSS 0.01399
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2023/10/30 2:15 p.m. · 4 views

CVE-2023-5250

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...

CVSS 8.8 · AI score 7.8 · EPSS 0.01107
Exploits: 0 · References: 2
Positive Technologies
added 2023/10/19 12:0 a.m. · 5 views

PT-2023-29541 · Knowband · Knowband Supercheckout

Name of the Vulnerable Software and Affected Versions: KnowBand supercheckout versions 5.0.7 through 6.0.7 Description: The issue allows a guest to upload files with dangerous extensions, such as .php, in the "Module One Page Checkout, Social Login & Mailchimp" supercheckout module...

CVSS 9.8 · AI score 9.4 · EPSS 0.00578
Exploits: 0 · References: 6
SUSE CVE
added 2023/09/07 2:34 a.m. · 4 views

SUSE CVE-2023-31132

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...

CVSS 7.8 · AI score 7.5 · EPSS 0.00384
Exploits: 1 · References: 3
Prion
added 2023/09/05 10:15 p.m. · 18 views

Privilege escalation

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...

CVSS 4.3 · AI score 9 · EPSS 0.00384
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment
added 2023/09/05 9:19 p.m. · 14 views

CVE-2023-31132 Cacti Privilege Escalation

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...

CVSS 7.8 · AI score 9 · EPSS 0.00384
Exploits: 1 · References: 4
Debian CVE
added 2023/09/05 9:19 p.m. · 25 views

CVE-2023-31132

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...

CVSS 7.8 · AI score 8 · EPSS 0.00384
Exploits: 1
OSV
added 2023/09/05 9:19 p.m. · 10 views

CVE-2023-31132 Cacti Privilege Escalation

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...

CVSS 7.8 · AI score 7.8 · EPSS 0.00384
Exploits: 1 · References: 6
0day.today
added 2023/09/05 12:0 a.m. · 281 views

Webigniter 28.7.23 Shell Upload Vulnerability

Title: WEBIGniter-28.7.23 File Upload - RCE Author: nu11secur1ty Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload vulnerability. The attacker can upload and he...

AI score 7.1
Exploits: 0
OSV
added 2023/08/22 7:16 p.m. · 2 views

CVE-2023-23565

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion...

CVSS 4.9 · AI score 5.8 · EPSS 0.00993
Exploits: 1 · References: 3
Vulnrichment
added 2023/08/22 12:0 a.m. · 10 views

CVE-2023-23565

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion...

AI score 6.7 · EPSS 0.00993
Exploits: 1 · References: 3
Cvelist
added 2023/08/22 12:0 a.m. · 23 views

CVE-2023-23565

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion...

AI score 5.3 · EPSS 0.00993
Exploits: 1 · References: 3
CVE
added 2023/08/22 12:0 a.m. · 43 views

CVE-2023-23565

Geomatika IsiGeo Web 6.0 is affected by CVE-2023-23565 via Local File Inclusion, enabling remote authenticated users to retrieve PHP files from the server. The root cause is not fully detailed in the provided documents beyond LFI exposure. Impact is confidentiality loss (C: High) per NVD metrics....

CVSS 4.9 · AI score 4.9 · EPSS 0.00993
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2023/08/05 2:15 a.m. · 4 views

CVE-2023-33367

A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution...

CVSS 9.8 · AI score 6.1 · EPSS 0.01068
Exploits: 0 · References: 2
Prion
added 2023/08/05 2:15 a.m. · 21 views

Sql injection

A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution...

CVSS 7.5 · AI score 10 · EPSS 0.01068
Exploits: 0 · References: 2 · Affected Software: 1
Veracode
added 2023/07/13 3:53 p.m. · 22 views

Unrestricted File Upload

responsive-filemanager is vulnerable to Unrestricted File Upload. The vulnerability exists due to a lack of file upload checks, which allows an attacker with a low-privileged account to upload and execute arbitrary PHP files...

CVSS 9.8 · AI score 7 · EPSS 0.02302
Exploits: 2 · References: 2 · Affected Software: 1
OSV
added 2023/06/26 10:15 p.m. · 3 views

CVE-2023-32528

Trend Micro Mobile Security Enterprise 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVSS 8.8 · AI score 7.6 · EPSS 0.02992
Exploits: 0 · References: 2