Lucene search
11231 matches found

OSV
added 2024/06/06 12:0 a.m., 23 views

ALSA-2024:3671 Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.3. AlmaLinux-37697 Security Fixes: ruby: Buffer overread vulnerabili...

CVSS 9.8, AI score 7.9, EPSS 0.02364
Exploits: 0, References: 8
Metasploit
added 2024/06/05 7:55 p.m., 581 views

WordPress Hash Form Plugin RCE

The Hash Form - Drag & Drop Form Builder plugin for WordPress suffers from a critical vulnerability due to missing file type validation in the fileuploadaction function. This vulnerability exists in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload...

CVSS 9.8, AI score 9.2, EPSS 0.50934
Exploits: 8
Tenable Nessus
added 2024/06/05 12:0 a.m., 42 views

AlmaLinux 8 : ruby:3.1 (ALSA-2024:3546)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3546 advisory. ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: Arbitrary memory...

CVSS 9.8, AI score 7, EPSS 0.02364
Exploits: 0, References: 4
GithubExploit
added 2024/06/04 4:7 p.m., 474 views

Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server deserializ...

CVSS 9.9, AI score 10, EPSS 0.97482
Exploits: 14
Vulnrichment
added 2024/06/04 1:27 p.m., 32 views

CVE-2024-34792 WordPress Dextaz Ping plugin <= 0.65 - Remote Code Execution (RCE) vulnerability

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in dexta Dextaz Ping allows Command Injection. This issue affects Dextaz Ping: from n/a through 0.65...

CVSS 9.1, AI score 7, EPSS 0.0111
Exploits: 0, References: 1
NVD
added 2024/06/04 12:15 p.m., 19 views

CVE-2024-37061

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...

CVSS 8.8, AI score 9.1, EPSS 0.00884
Exploits: 1, References: 1
GithubExploit
added 2024/06/04 11:32 a.m., 464 views

Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024

CVE-2024-4358 An Vulnerability detection and Mass Exploitation...

CVSS 9.8, AI score 9.7, EPSS 0.97482
Exploits: 14
Vulnrichment
added 2024/06/04 7:25 a.m., 31 views

CVE-2024-36104 Apache OFBiz: Path traversal leading to a RCE

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue...

AI score 9.4, EPSS 0.87883
Exploits: 2, References: 5
Cvelist
added 2024/06/04 7:25 a.m., 38 views

CVE-2024-36104 Apache OFBiz: Path traversal leading to a RCE

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue...

AI score 6.5, EPSS 0.87883
Exploits: 2, References: 5
Cvelist
added 2024/06/04 6:0 a.m., 34 views

CVE-2024-0757 Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files...

AI score 9.5, EPSS 0.00936
Exploits: 3, References: 1
Vulnrichment
added 2024/06/04 6:0 a.m., 29 views

CVE-2024-0757 Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files...

AI score 6.9, EPSS 0.00936
Exploits: 3, References: 1
0day.today
added 2024/06/04 12:0 a.m., 267 views

Dotclear 2.29 - Remote Code Execution Exploit

Exploit Title: Dotclear 2.29 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://git.dotclear.org/explore/repos Software Link: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip Tested Version: v2.29 latest Tested on: MacOS import requests import...

AI score 7.4
Exploits: 0
GithubExploit
added 2024/06/03 11:53 p.m., 900 views

Exploit for CVE-2024-2961

Testing CVE-2024-2961 V1 - Under Analysis This repository c...

CVSS 7.3, AI score 7.6, EPSS 0.8833
Exploits: 16
GithubExploit
added 2024/06/03 7:8 p.m., 441 views

Exploit for Improper Access Control in Apache Hugegraph

CVE-2024-27348 🪶 CVE-2024-27348 Proof of concept Exploit RCE...

CVSS 9.8, AI score 10, EPSS 0.9921
Exploits: 11
RedHat Linux
added 2024/06/03 6:41 p.m., 38 views

Moderate: Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8, AI score 6.6, EPSS 0.02364
Exploits: 0, References: 5
Packet Storm
added 2024/06/03 12:0 a.m., 256 views

Monstra CMS 3.0.4 Remote Code Execution

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution RCE Date: 05.05.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: MacOS import requests import random import string import time import...

AI score 7.4
Exploits: 0
Oracle linux
added 2024/06/03 12:0 a.m., 367 views

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.5-143 - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-35750 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35751...

CVSS 9.8, AI score 6.5, EPSS 0.02364
Exploits: 0
Packet Storm
added 2024/06/03 12:0 a.m., 688 views

WBCE CMS 1.6.2 Remote Code Execution

Exploit Title: WBCE CMS v1.6.2 - Remote Code Execution RCE Date: 3/5/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.2.zip Version: 1.6.2 Tested on: MacOS import requests from bs4 import BeautifulSo...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/06/03 12:0 a.m., 287 views

appRain CMF 4.0.5 Shell Upload

Exploit Title: appRain CMF 4.0.5 - Remote Code Execution RCE Authenticated Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.apprain.org Software Link: https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip Version: latest Tested on: MacOS import requests...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2024/06/03 12:0 a.m., 17 views

RHEL 8 : jbossweb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: deserialization flaw in session persistence storage leading to RCE CVE-2020-9484 Note that Nessus has not...

CVSS 7, AI score 7.5, EPSS 0.56636
Exploits: 15, References: 1