CVE-2024-31459 Cacti RCE vulnerability by file include in lib/plugin.php

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the apipluginho...

CVE-2024-31459 Cacti RCE vulnerability by file include in lib/plugin.php

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the apipluginho...

CVE-2024-25641 Cacti RCE vulnerability when importing packages

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

CVE-2024-25641 Cacti RCE vulnerability when importing packages

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...

CVE-2024-29212

Due to an unsafe de-serialization method used by the Veeam Service Provider ConsoleVSPC server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution RCE on the VSPC server machine...

Openmediavault Remote Code Execution / Local Privilege Escalation Exploit

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

CVE-2024-3400 PoC for educational purposes only. only use on...

Exploit for CVE-2024-32523

CVE-2024-32523-Poc CVE-2024-32523: Mailster /wp-content/plugin...

RHEL 9 : go-git (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients...

RHEL 6 : bluez (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS o...

RHEL 7 : bluez (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS o...

RHEL 6 : git (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - git: cvsserver command injection CVE-2017-14867 - git: Heap overflow in git archive, git log --format...

gimp security update

An update is available for gimp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The GIMP GNU Image Manipulation Program is an image composition and editing...

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSS...

Openmediavault Remote Code Execution / Local Privilege Escalation Exploit

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...

Genie Path Traversal vulnerability via File Uploads

Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...

CVE-2024-4605 Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution

The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributor...

1Panel arbitrary file write vulnerability

Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing PoC Dockerfile FROM bash:latest COPY...

CVE-2024-34352

CVE-2024-34352 affects the 1Panel project (open source Linux server O&M panel). Prior to v1.10.3-lts, command injection vulnerabilities allow arbitrary file writes and can lead to remote code execution. The root cause involves inadequate input filtering and an exploit path using the mirror config...