Sharepoint Dynamic Proxy Generator Unauth RCE

This module exploits two vulnerabilities in Sharepoint 2019, an auth bypass CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955, an RCE which was patched in May of 2023. The auth bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the...

Hitachi Energy MACH SCM (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION : Exploitable remotely Vendor : Hitachi Energy Equipment : MACH SCM Vulnerabilities : Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of...

CVE-2024-29195

The CVE-2024-29195 advisory concerns the azure-c-shared-utility C library used by the Azure IoT C SDK for AMQP/MQTT communication. The described issue is an integer wraparound/under-allocation/heap buffer overflow stemming from vulnerable parameter checking in the buffer length handling, which co...

CVE-2024-29195 Azure C SDK Integer Wraparound Vulnerability

The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to...

CVE-2024-27521

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote command execution RCE vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows...

CVE-2024-27521

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote command execution RCE vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows...

phpMyFAQ < 3.2.6 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...

GHSA-PWH2-FPFR-X5GF phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

Summary The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution RCE on the system. Details In the file upload function of...

phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

Summary The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution RCE on the system. Details In the file upload function of...

phpMyFAQ SQL injections at insertentry & saveentry

Summary A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accoun...

GHSA-2GRW-MC9R-822R phpMyFAQ SQL injections at insertentry & saveentry

Summary A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accoun...

phpMyFAQ SQL Injection at "Save News"

Summary A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some...

GHSA-QGXX-4XV5-6HCW phpMyFAQ SQL Injection at "Save News"

Summary A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some...

WP Crontrol vulnerable to possible RCE when combined with a pre-condition

Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...

GHSA-9XVF-CJVF-FF5Q WP Crontrol vulnerable to possible RCE when combined with a pre-condition

Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...

GHSA-592J-995H-P23J RDoc RCE vulnerability with .rdoc_options

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

CVE-2024-28105

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVE-2024-28107

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVE-2024-28850

WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...

CVE-2024-27299

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...