
11231 matches found

Vulnrichment
added 2024/08/27 12:0 a.m., 13 views

CVE-2024-44341

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request...

7.6 AI score, 0.01832 EPSS
Exploits: 0, References: 3

0day.today
added 2024/08/27 12:0 a.m., 244 views

Ray Agent Job Remote Code Execution Exploit

This Metasploit module demonstrates remote code execution in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is executing arbitrary workloads. By default Ray has no authentication. This module requires Metasploit: https://metasploit.com/download...

9.8 CVSS, 8.1 AI score, 0.81512 EPSS
Exploits: 6

CVE
added 2024/08/27 12:0 a.m., 57 views

CVE-2024-44341

D-Link DIR-846W A1 FW100A43 is affected by CVE-2024-44341: a remote command execution (RCE) vulnerability through the lan(0)_dhcps_staticlist parameter, exploitable via a crafted POST request over the network. The Red Hat/CVE ecosystem confirms the issue, and PT-Security notes a practical workaro...

9.8 CVSS, 7.3 AI score, 0.01832 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2024/08/27 12:0 a.m., 17 views

CVE-2024-44342

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl0.0ssid parameter. This vulnerability is exploited via a crafted POST request...

0.01971 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2024/08/26 2:47 p.m., 30 views

CVE-2024-7988 ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten...

9.3 CVSS, 8.3 AI score, 0.01477 EPSS
Exploits: 0, References: 1

GithubExploit
added 2024/08/26 9:7 a.m., 236 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 POC & Lab For CVE-2021-41773 Setup Lab...

7.5 CVSS, 8.3 AI score, 0.99992 EPSS
Exploits: 145

OSV
added 2024/08/26 12:30 a.m., 10 views

GHSA-CJ55-GC7M-WVCQ req may send an unintended request when a malformed URL is provided

The req library is a widely used HTTP library in Go. However, it does not handle malformed URLs effectively. As a result, after parsing a malformed URL, the library may send HTTP requests to unexpected destinations, potentially leading to security vulnerabilities or unintended behavior in...

7.2 CVSS, 10 AI score, 0.00724 EPSS
Exploits: 0, References: 5

Packet Storm
added 2024/08/26 12:0 a.m., 385 views

Invesalius 3.1 Remote Code Execution

Exploit Title: Invesalius 3.1 - Remote Code Execution RCE Discovered By: Riccardo Degli Esposti partywave, Alessio Romano sfoffo Exploit Author: Riccardo Degli Esposti partywave, Alessio Romano sfoffo Vendor Homepage: https://invesalius.github.io/ Software Link:...

7.1 AI score, 0.02655 EPSS
Exploits: 5

GithubExploit
added 2024/08/24 6:25 p.m., 704 views

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

This is a rather flaky poc for CVE-2024-38063 https://msrc.m...

9.8 CVSS, 9.4 AI score, 0.70564 EPSS
Exploits: 24

GithubExploit
added 2024/08/24 5:17 p.m., 303 views

Exploit for Missing Authentication for Critical Function in Jetbrains Teamcity

CVE-2023-42793 TeamCity CVE-2023-42793 RCE Remote Code Execu...

9.8 CVSS, 10 AI score, 0.99979 EPSS
Exploits: 17

Metasploit
added 2024/08/23 6:52 p.m., 419 views

Ray Agent Job RCE

RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is executing arbitrary workloads. By default Ray has no authentication. Module Options msf use exploit/linux/http/rayagentjobrce msf exploitrayagentjobrce show targets ...targets... msf...

9.8 CVSS, 7.2 AI score, 0.81512 EPSS
Exploits: 6

Metasploit
added 2024/08/23 6:52 p.m., 310 views

Ray cpu_profile command injection

Ray RCE via cpuprofile command injection vulnerability. Module Options msf use exploit/linux/http/raycpuprofilecmdinjectioncve20236019 msf exploitraycpuprofilecmdinjectioncve20236019 show targets ...targets... msf exploitraycpuprofilecmdinjectioncve20236019 set TARGET msf...

9.8 CVSS, 7.9 AI score, 0.7463 EPSS
Exploits: 10

Rapid7 Blog
added 2024/08/23 3:8 p.m., 17 views

Metasploit Weekly Wrap-Up 08/23/2024

New module content 3 Fortra FileCatalyst Workflow SQL Injection CVE-2024-5276 Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: 19373 contributed by h4x-x0r Path: admin/http/fortrafilecatalystworkflowsqli AttackerKB reference: CVE-2024-5276 Description: This adds an auxiliary modu...

9.8 CVSS, 9 AI score, 0.90067 EPSS
Exploits: 10

Cvelist
added 2024/08/23 1:23 p.m., 46 views

CVE-2024-5466 Remote Code Execution

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option...

8.8 CVSS, 0.06911 EPSS
Exploits: 0, References: 1

CVE
added 2024/08/23 1:23 p.m., 81 views

CVE-2024-5466

CVE-2024-5466 affects Zohocorp ManageEngine OpManager and Remote Monitoring and Management, versions 128329 and below. The vulnerability is an authenticated remote code execution in the deploy agent option, caused by the underlying flaw described across multiple sources. Reported impact is high (...

8.8 CVSS, 7.7 AI score, 0.06911 EPSS
Exploits: 0, References: 1, Affected Software: 4

Packet Storm
added 2024/08/23 12:0 a.m., 226 views

Ray Agent Job Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray Agent Job RCE', 'Description' = %q RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is...

9.8 CVSS, 7 AI score, 0.81512 EPSS
Exploits: 6

Packet Storm
added 2024/08/23 12:0 a.m., 284 views

Ray cpu_profile Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray cpuprofile command injection', 'Description' = %q Ray RCE via cpuprofile command injection vulnerability. , 'Author' = 'sierrabearchell',...

9.8 CVSS, 7 AI score, 0.7463 EPSS
Exploits: 10

Cvelist
added 2024/08/22 11:4 p.m., 33 views

CVE-2024-38210 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.8 CVSS, 0.00653 EPSS
Exploits: 0, References: 1

NVD
added 2024/08/22 6:15 p.m., 9 views

CVE-2024-42767

Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php...

7.2 CVSS, 0.00579 EPSS
Exploits: 1, References: 2

CVE
added 2024/08/22 12:0 a.m., 48 views

CVE-2024-42767

CVE-2024-42767 affects Kashipara Hotel Management System v1.0, with an Unrestricted File Upload vulnerability enabling Remote Code Execution through /admin/add_room_controller.php. Public sources consistently describe the flaw as a lack of validation of uploaded files, allowing an attacker to upl...

7.2 CVSS, 6.9 AI score, 0.00579 EPSS
Exploits: 1, References: 2, Affected Software: 1