11240 matches found
CVE-2024-42395
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...
CVE-2024-42394
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...
CVE-2024-42393
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...
CVE-2024-42393
Technical details for CVE-2024-42393 are not publicly available in the provided documents. Monitor for updates from NVD/CVE and vendor advisories.
CVE-2024-42394
CVE-2024-42394 describes unauthenticated remote code execution via the Soft AP Daemon Service, accessed by the PAPI protocol. The vulnerability allows an attacker to execute arbitrary commands on the underlying OS, potentially leading to full system compromise. Documents consistently identify the...
CVE-2024-42394 Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...
CVE-2024-42395
CVE-2024-42395 describes an unauthenticated remote code execution in the AP Certificate Management Service . Exploitation could allow an attacker to run arbitrary commands on the underlying OS, potentially leading to complete system compromise. The CVSS metrics indicate a network-based , no-authe...
CVE-2024-39225
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...
Android vulnerability used in targeted attacks patched by Google
Google has released patches for 46 vulnerabilities in Android, including a remote code execution RCE vulnerability that it says has been used in limited, targeted attacks. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app...
CVE-2024-39225
The CVE-2024-39225 entry concerns a remote code execution (RCE) vulnerability reported in GL.iNet products. Affected devices include AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S130...
CVE-2024-39225
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...
CVE-2024-23657
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...
CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...
CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...
CVE-2024-23657
CVE-2024-23657 — Nuxt Devtools: The issue is a path traversal vulnerability in Nuxt Devtools via getTextAssetContent, combined with lack of Origin checks on the WebSocket, enabling an attacker to read arbitrary files from the devtools host and, in some configurations, leak the devtools authentica...
Exploit for CVE-2024-31211
It is an exploit module/toolkit targeting unspecified products/s...
Exploit for Server-Side Request Forgery in Apache Http_Server
It is an offensive tool for web applications. The repository app...
Exploit for Command Injection in Nikhil-Bhalerao Poultry_Farm_Management_System
PoC exploit for CVE-2024-40110, an arbitrary file upload vulnera...
KnowBe4 RCE and LPE
Introduction Our latest investigation has uncovered significant security flaws in three KnowBe4 applications- Phish Alert Button, PasswordIQ, and Second Chance. These applications, commonly used in security awareness and training, were found to have vulnerabilities allowing remote command executi...
OSGeo GeoTools RCE (CVE-2024-36404)
The version of OSGeo GeoTools installed on the remote host is affected by a remote code execution vulnerability, as follows: - Remote Code Execution is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Note that Nessus has not...