Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm
DolibabyPhp An authenticated RCE exploit for Dolibarr ERP/CRM...
Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms
Proof of conc...
Patch Tuesday - July 2024
Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the...
CVE-2024-38076
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability...
CVE-2024-38077
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability...
CVE-2024-38074
CVE-2024-38074 is described as a Remote Code Execution vulnerability in the Windows Remote Desktop Licensing Service. The provided CVSS 3.1 metrics indicate a network-accessible, no-authored-exploitation vector with HIGH impact to confidentiality, integrity, and availability (CVSS: 3.1: AV:N/AC:L...
CVE-2024-38044 DHCP Server Service Remote Code Execution Vulnerability
...
CVE-2024-38363
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...
CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...
CVE-2024-38363
Airbyte’s CVE-2024-38363 affects the Airbyte connection builder docker image, where server-side template injection (SSTI) enables authenticated remote code execution as the web server user. The connection builder is used to create/test new connectors, and exploitation could lead to exposure of se...
7-Zip RCE Vulnerability - Windows
7zip is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:7-zip:7-zip";...
OpenBSD OpenSSH 8.7p1 - 8.8p1 RCE Vulnerability
OpenBSD OpenSSH is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-6409
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...
CVE-2024-39202
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings...
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
RHEL 9 : git (RHSA-2024:4368)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4368 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
Pi-hole Core < 5.18.3 SSRF/RCE Vulnerability
Pi-hole Core is prone to a blind server-side request forgery (SSRF) vulnerability that can lead to remote code execution (RCE). SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
CVE-2024-39202
CVE-2024-39202 affects D-Link DIR-823X firmware 240126. A remote command execution (RCE) vulnerability exists in the /goform/set_lan_settings endpoint, exploitable via the dhcpd_startip parameter due to improper input handling. This could allow an attacker with network access to execute arbitrary...