11231 matches found

GithubExploit
added 2024/07/07 9:22 p.m. | 607 views

Exploit for CVE-2024-34361

CVE-2024-34361 Pi-hole Remote Code Execution SSRF to RCE...

CVSS 8.5 | AI score 9.2 | EPSS 0.02828
Exploits: 4

GithubExploit
added 2024/07/07 9:22 p.m. | 678 views

Exploit for CVE-2024-34361

CVE-2024-34361 Pi-hole Remote Code Execution SSRF to RCE...

CVSS 8.5 | AI score 9.2 | EPSS 0.02828
Exploits: 4

GithubExploit
added 2024/07/07 3:8 p.m. | 334 views

Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms

Chamilo LMS Unauthenticated Big Upload File RCE PoC This is a...

CVSS 8.1 | AI score 7.6 | EPSS 0.76084
Exploits: 27

Vulnrichment
added 2024/07/05 6:30 p.m. | 21 views

CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravityDownloadBlocklistFromUrl function. Depending on some...

CVSS 8.5 | AI score 7 | EPSS 0.02828
Exploits: 4 | References: 2

Cvelist
added 2024/07/05 6:30 p.m. | 26 views

CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravityDownloadBlocklistFromUrl function. Depending on some...

CVSS 8.5 | EPSS 0.02828
Exploits: 4 | References: 2

GithubExploit
added 2024/07/05 5:39 p.m. | 347 views

Exploit for Missing Authentication for Critical Function in Jetbrains Teamcity

PoC exploit for CVE-2023-42793, a TeamCity RCE vulnerability on...

CVSS 9.8 | AI score 10 | EPSS 0.99979
Exploits: 17

GithubExploit
added 2024/07/05 2:0 p.m. | 406 views

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication

It is an exploit module/toolkit targeting a web application. The...

CVSS 7.5 | AI score 9.8 | EPSS 0.7761
Exploits: 4

Veracode
added 2024/07/05 6:39 a.m. | 28 views

Remote Code Execution (RCE)

gogs.io/gogs is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of command-line arguments within the bundled ssh implementation internal/ssh/ssh.go. An attacker can exploit the vulnerability by sending a malicious --split-string env request through an SSH...

CVSS 9.9 | AI score 7.5 | EPSS 0.07258
Exploits: 3 | References: 3 | Affected Software: 1

GithubExploit
added 2024/07/05 5:46 a.m. | 568 views

Exploit for Code Injection in Crushftp

CVE-2024-4040 Introduction I recently noticed this vuln...

CVSS 10 | AI score 7.5 | EPSS 0.99539
Exploits: 27

GithubExploit
added 2024/07/04 1:19 p.m. | 503 views

Exploit for Code Injection in Geoserver

RCE for CVE-2024-36401 POC for CVE-2024-36401 GeoServer. This...

CVSS 9.8 | AI score 9.7 | EPSS 0.99813
Exploits: 25

OpenVAS
added 2024/07/04 12:0 a.m. | 32 views

Mageia: Security Advisory (MGASA-2024-0250)

The remote host is missing an update for the...

CVSS 8.1 | AI score 7.9 | EPSS 0.99506
Exploits: 68 | References: 5

Mageia
added 2024/07/03 4:36 p.m. | 83 views

Updated openssh packages fix security vulnerability

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems. CVE-2024-6387...

CVSS 8.1 | AI score 7.3 | EPSS 0.99506
Exploits: 68 | References: 3

Tenable Nessus
added 2024/07/03 12:0 a.m. | 35 views

CBL Mariner 2.0 Security Update: azure-iot-sdk-c (CVE-2024-27099)

The version of azure-iot-sdk-c installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27099 advisory. - The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an...

CVSS 9.8 | AI score 7.5 | EPSS 0.0143
Exploits: 0 | References: 2

OpenVAS
added 2024/07/03 12:0 a.m. | 54 views

QNAP QTS OpenSSH RCE Vulnerability (QSA-24-31, regreSSHion)

QNAP QTS is prone to a remote code execution (RCE) vulnerability in OpenSSH dubbed...

CVSS 8.1 | AI score 8.1 | EPSS 0.99506
Exploits: 68 | References: 7

OpenVAS
added 2024/07/03 12:0 a.m. | 52 views

QNAP QuTS hero OpenSSH RCE Vulnerability (QSA-24-31, regreSSHion)

QNAP QuTS hero is prone to a remote code execution (RCE) vulnerability in OpenSSH dubbed...

CVSS 8.1 | AI score 8 | EPSS 0.99506
Exploits: 68 | References: 7

Github Security Blog
added 2024/07/02 3:58 p.m. | 19 views

yt-dlp File system modification and RCE through improper file-extension sanitization

Summary yt-dlp does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp also reads config from the working directory and on Windows executables will be executed from the yt-dlp...

CVSS 7.8 | AI score 7.7 | EPSS 0.00317
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2024/07/02 3:58 p.m. | 12 views

GHSA-79W7-VH3H-8G4J yt-dlp File system modification and RCE through improper file-extension sanitization

Summary yt-dlp does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp also reads config from the working directory and on Windows executables will be executed from the yt-dlp...

CVSS 7.8 | AI score 8 | EPSS 0.00317
Exploits: 0 | References: 10

NVD
added 2024/07/02 2:15 p.m. | 31 views

CVE-2024-36404

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

CVSS 9.8 | EPSS 0.74908
Exploits: 0 | References: 16

OSV
added 2024/07/02 2:11 p.m. | 34 views

RLSA-2024:4083 Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

CVSS 9 | AI score 7.5 | EPSS 0.22529
Exploits: 34 | References: 6

Rockylinux
added 2024/07/02 2:10 p.m. | 35 views

git security update

An update is available for git. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git is a distributed revision control system with a decentralized architecture. A...

CVSS 9 | AI score 9.1 | EPSS 0.22529
Exploits: 34