CVE-2024-29201 JumpServer's insecure Ansible playbook validation leads to RCE in Celery
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...
SQL Injection
phpmyfaq/phpmyfaq is vulnerable to SQL Injection. The vulnerability is caused due to improper escaping of the email address within News.php. This allows authenticated users with appropriate privileges to execute malicious SQL queries, potentially leading to data exfiltration, account takeover, an...
Pods < 3.1 - Contributor+ Remote Code Execution
Description The plugin is vulnerable to Remote Code Execution via shortcode, allowing authenticated attackers, with contributor level access or higher, to execute code on the server...
Exploit for Code Injection in Openplcproject Openplc_V3_Firmware
cve-2021-31630 OpenPLC WebServer v3 - Authenticated RCE T...
CVE-2024-28109
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109 Potential XSLT injection vulnerability when using policy files
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109
CVE-2024-28109 affects veraPDF-library, a PDF/A validation library. Executing policy checks with custom Schematron files triggers an XSL transformation, which can lead to a remote code execution (RCE). Impact is stated as high severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). The issue is...
CVE-2023-6437 Authenticated RCE
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link EX20v AX1800, TP-Link Archer C5v AC1200, TP-Link TD-W9970, TP-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection. This issue affec...
Remote Code Execution (RCE)
johnbillion/wp-crontrol is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of PHP code, which can result in RCE...
Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift Builds 1.0.1
An update is now available for Red Hat OpenShift Builds 1.0. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
Internet Bug Bounty: CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
A remote code execution vulnerability was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. The vulnerability was caused by the lack of restrictions on the classes that could be restored when parsing .rdoc_options as a YAML file. Additionally, object injection and...
Unauthenticated RCE in Bricks Builder Theme
This module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions ... use exploit/multi/http/wp_bricks_builder_rce; msf exploit(wp_bricks_builder_rce) > show targets ...targets... msf exploit(wp_bricks_builder_rce) > set TARGET <target-id>; msf exploit(wp_bricks_builder_rce) > show options...
Critical: Red Hat Security Advisory: ACS 4.3 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2024-0400
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code RCE on the SCM Server...
CVE-2024-0400
CVE-2024-0400 affects Hitachi Energy MACH SCM (versions 4.0 to 4.38; advice also references 4.6 to 4.38.0 with 4.38.1 as fix). The vulnerability involves improper generation of code (CWE-94) and improper neutralization of directives in dynamically evaluated code (CWE-95), enabling an authenticate...
Craft CMS 4.4.14 - Unauthenticated Remote Code Execution Exploit
#!/usr/bin/env python3 # -*- coding: utf-8 -*- # Exploit Title: Craft CMS unauthenticated Remote Code Execution (RCE) # Version: 4.0.0-RC1 - 4.4.14 # Vendor Homepage: https://craftcms.com/ # Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 # Tested on: Ubuntu 22.04.3 LTS # Tested on: Craft CMS 4.4.14...