OpenNMS Horizon Authenticated RCE

This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLEFILESYSTEMEDITOR privileges and either ROLEADMIN or ROLEREST. For versions 32.0.1 a...

CVE-2024-1538

The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...

CVE-2024-1538

The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...

CVE-2024-1538 File Manager <= 7.2.4 - Cross-Site Request Forgery to Local JS File Inclusion

The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...

File Manager < 7.2.5 - Cross-Site Request Forgery to Local JS File Inclusion

Description The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local...

OpenNMS Horizon 31.0.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNMS Horizon Authenticated RCE', 'Description' = %q This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitra...

[updated] Apex Legends Global Series plagued by hackers

The North American finals of online shooter game Apex Legends has been postponed after games were disrupted by hacking incidents. Apex Legends, published by EA, is currently in an important stage of its Global Series, the regional finals mode. This is a big deal for the top players since there is...

CVE-2023-51444

GeoServer CVE-2023-51444 is a authenticated arbitrary file upload vulnerability in REST Coverage Store API present in versions prior to 2.23.4 and 2.24.1. An admin with permissions to modify coverage stores can upload arbitrary file contents to arbitrary locations, enabling remote code execution....

GHSA-8G7V-VJRC-X4G5 GeoServer log file path traversal vulnerability

Impact This vulnerability requires GeoServer Administrator with access to the admin console to misconfigured the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...

GeoServer log file path traversal vulnerability

Impact This vulnerability requires GeoServer Administrator with access to the admin console to misconfigured the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...

Debian dsa-5642 : php-dompdf-svg-lib - security update

The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5642 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5642-1...

CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

Netatalk < 3.1.18 RCE Vulnerability

Netatalk is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netatalk:netatalk...

CVE-2024-24578

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution RCE vulnerability, caused by multiple issues within the Java based HMIPServer.jar component...

CVE-2024-24578

CVE-2024-24578 affects RaspberryMatic / OCCU prior to 3.75.6.20240316. The vulnerability stems from multiple issues in the Java HMIPServer.jar, enabling unauthenticated RCE via the Firmware upload UI at /pages/jpages (Zip Slip). An attacker can upload a malicious archive that is extracted without...

CVE-2024-23333

LAM (LDAP Account Manager) contains a vulnerability where log configuration allows arbitrary log-file paths. In versions before 8.7, an attacker could cause PHP code to be written to a log file and later executed when accessed via web. Mitigation requires knowledge of LAM’s master configuration p...

RCE in TranformGraph().to_dot_graph function

Summary RCE due to improper input validation in TranformGraph.todotgraph function Details Due to improper input validation a malicious user can provide a command or a script file as a value to savelayout argument, which will be placed as the first value in a list of arguments passed to...

CVE-2023-41334 astropy vulnerable to RCE in TranformGraph().to_dot_graph function

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...

CVE-2024-2599

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure...