11232 matches found
CVE-2024-31809
TOTOLINK EX200 v4.0.3c.7646_B20201211 is reported to have a remote code execution vulnerability via the FileName parameter in the setUpgradeFW function. The issue affects the TOTOLINK EX200 device and is described across multiple sources (NVD/Red Hat/CNVD/CVELIST). The root cause is improper hand...
BIT-WORDPRESS-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
BIT-WORDPRESS-MULTISITE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-25029 IBM Personal Communications code execution
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the...
Exploit for Command Injection in Tiagorlampert Chaos
https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc/asse...
Exploit for Command Injection in Thimpress Learnpress
CVE-2023-6634 Exploit Script Description This repository...
Lexmark Printer RCE Vulnerability (CVE-2023-50739)
Multiple Lexmark printer devices are prone to a remote code execution (RCE) vulnerability.
CVE-2024-31210
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210
WordPress core plugin upload handling is vulnerable when an administrator (single-site) or Super Admin (multisite) can submit a non-zip file and FTP credentials are required to install it. If DISALLOW_FILE_EDIT is true and FTP is needed, the uploaded file can remain in Media Library and enable re...
GHSA-27JX-FFW8-XRQV pgAdmin Remote Code Execution (RCE) vulnerability
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the...
CVE-2024-3116
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the...
CVE-2024-3116 Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the...
XML Injection
verapdf is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by executing policy checks using custom schematron files, which invokes an XSL transformation that could lead to code execution...
CVE-2024-2692 SiYuan 3.0.3 - RCE via Server Side XSS
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS...