
11231 matches found

Github Security Blog
added 2024/05/15 9:52 p.m., 132 views

Laravel RCE vulnerability in "cookie" session driver

Applications using the "cookie" session driver were the primary applications affected by this vulnerability. Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the "cookie"...

8.1 AI score
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2024/05/15 9:28 p.m., 7 views

GHSA-64VJ-933F-6PM3 eZ Platform Object Injection in SiteAccessMatchListener

This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution (RCE), a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...

8.3 AI score
Exploits: 0, References: 3
Github Security Blog
added 2024/05/15 9:28 p.m., 11 views

eZ Platform Object Injection in SiteAccessMatchListener

This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution (RCE), a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...

8.3 AI score
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2024/05/15 9:19 p.m., 11 views

eZ Publish Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...

7.9 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/05/15 9:14 p.m., 15 views

GHSA-2W9P-XXQR-H253 eZ Platform Object Injection in SiteAccessMatchListener

This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution (RCE), a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...

8.3 AI score
Exploits: 0, References: 4
Github Security Blog
added 2024/05/15 9:14 p.m., 18 views

eZ Platform Object Injection in SiteAccessMatchListener

This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution (RCE), a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound...

8.3 AI score
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2024/05/15 10:0 a.m., 26 views

CVE-2024-30310 ZDI-CAN-23327: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 7.3 AI score, 0.0281 EPSS
Exploits: 0, References: 1
GithubExploit
added 2024/05/15 7:48 a.m., 456 views

Exploit for SQL Injection in Valvepress Automatic

CVE-2024-27956-RCE File Package Contents: 1. exploit.py...

9.9 CVSS, 9.6 AI score, 0.93971 EPSS
Exploits: 16
Packet Storm
added 2024/05/15 12:0 a.m., 419 views

Zope 5.9 Command Injection

Vulnerability Report Title: Command Argument Injection Vulnerability in Zope WSGI Instance Creation Script Leading to RCE Description: A command Argument injection vulnerability has been identified in the Zope WSGI instance creation script used by the Zope web application server framework, which ...

7 AI score
Exploits: 0
Tenable Nessus
added 2024/05/15 12:0 a.m., 40 views

EulerOS Virtualization 2.11.1 : shim (EulerOS-SA-2024-1619)

According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HT...

8.3 CVSS, 7.9 AI score, 0.04892 EPSS
Exploits: 0, References: 6
Rapid7 Blog
added 2024/05/14 8:25 p.m., 77 views

Patch Tuesday - May 2024

Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...

9.6 CVSS, 10 AI score, 0.8399 EPSS
Exploits: 41
NVD
added 2024/05/14 5:16 p.m., 20 views

CVE-2024-29998

Windows Mobile Broadband Driver Remote Code Execution Vulnerability...

6.8 CVSS, 7.7 AI score, 0.00932 EPSS
Exploits: 0, References: 1
CVE
added 2024/05/14 4:57 p.m., 106 views

CVE-2024-30005

CVE-2024-30005 relates to the Windows Mobile Broadband Driver remote code execution. Per NCSC, it is listed under Windows Mobile Broadband with a CVSS around 6.8/6.80 and impact described as executing random code. No root-cause or remediation details are provided in the available documents; monit...

6.8 CVSS, 7.5 AI score, 0.00932 EPSS
Exploits: 0, References: 1, Affected Software: 9
NVD
added 2024/05/14 4:17 p.m., 15 views

CVE-2024-32352

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary...

8.8 CVSS, 7.2 AI score, 0.02175 EPSS
Exploits: 1, References: 2
NVD
added 2024/05/14 4:17 p.m., 9 views

CVE-2024-32351

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary...

8.8 CVSS, 7.2 AI score, 0.02175 EPSS
Exploits: 1, References: 2
CVE
added 2024/05/14 3:56 p.m., 71 views

CVE-2024-32351

The CVE-2024-32351 entry affects TOTOLINK X5000R (V9.1.0cu.2350_B20230313). The vulnerability is an authenticated remote code execution via the mru parameter in the cstecgi.cgi binary, caused by improper filtering of special elements in constructed snippets. Impact is described as arbitrary code ...

8.8 CVSS, 7.5 AI score, 0.02175 EPSS
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2024/05/14 3:13 p.m., 21 views

CVE-2024-28075

The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating wit...

9 CVSS, 9.5 AI score, 0.78028 EPSS
Exploits: 0, References: 3
Kaspersky
added 2024/05/14 12:0 a.m., 2 views

KLA67582 RCE vulnerability in LibreOffice

Remote code execution vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to execute arbitrary unchecked script. Original advisories CVE-2024-3044: Graphic on-click binding allows unchecked script execution Related products LibreOffice CVE list CVE-2024-3044 hig...

6.5 CVSS, 7.3 AI score, 0.01008 EPSS
Exploits: 0, References: 3
WPVulnDB
added 2024/05/14 12:0 a.m., 34 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

Description The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files PoC Note: This must be tested on a web server running Apache 1 Create a new post 2 Add e-Learning block to the post and upload...

6.5 AI score, 0.00936 EPSS
Exploits: 3, References: 1
wpexploit
added 2024/05/14 12:0 a.m., 192 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

Description The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files Note: This must be tested on a web server running Apache 1 Create a new post 2 Add e-Learning block to the post and upload a z...

6.8 AI score, 0.00936 EPSS
Exploits: 3, References: 1