11232 matches found

CVE
added 2024/03/12 4:57 p.m. | 433 views

CVE-2024-21429

The CVE-2024-21429 entry covers a remote code execution vulnerability in the Windows USB Hub Driver. According to the description, the issue affects the USB Hub Driver and could lead to arbitrary code execution with high impact on confidentiality, integrity, and availability. Exploitation details...

CVSS 6.8 | AI score 7.2 | EPSS 0.00904
Exploits: 0 | References: 1 | Affected Software: 14
CVE
added 2024/03/12 4:57 p.m. | 330 views

CVE-2024-21411

CVE-2024-21411 — Skype for Consumer RCE: The vulnerability is caused by insufficient input validation in Skype for Consumer, allowing a remote attacker to execute arbitrary code. Exploitation requires user interaction (e.g., opening a malicious page/rogue link). The CVSSv3.1 base score is 8.8 (H...

CVSS 8.8 | AI score 8.9 | EPSS 0.02618
Exploits: 0 | References: 1 | Affected Software: 1
Rockylinux
added 2024/03/12 3:42 p.m. | 30 views

gimp:2.8 security update

An update is available for module.python2-pycairo, pygobject2, python2-pycairo, pygtk2, gimp, module.pygobject2, module.gimp, module.pygtk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.8 | AI score 8.1 | EPSS 0.61427
Exploits: 0
OSV
added 2024/03/12 3:42 p.m. | 15 views

RLSA-2024:0861 Important: gimp:2.8 security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: PSD buffe...

CVSS 7.8 | AI score 7 | EPSS 0.61427
Exploits: 0 | References: 3
GithubExploit
added 2024/03/12 1:40 a.m. | 332 views

Exploit for CVE-2024-28741

NorthStar C2 agent RCE via stored XSS Agent RCE PoC for CVE-20...

CVSS 8.8 | AI score 6.6 | EPSS 0.78158
Exploits: 5
Vulnrichment
added 2024/03/12 12:0 a.m. | 13 views

CVE-2024-25331

DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow...

AI score 7.6 | EPSS 0.00334
Exploits: 0 | References: 2
0day.today
added 2024/03/12 12:0 a.m. | 346 views

NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution Exploit

NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross sit...

CVSS 8.8 | AI score 7.1 | EPSS 0.78158
Exploits: 5
CVE
added 2024/03/12 12:0 a.m. | 77 views

CVE-2024-25331

Summary of CVE-2024-25331: D-Link DIR-822 family devices are affected by a LAN-side unauthenticated remote code execution (RCE) vulnerability that arises from a stack-based overflow in the HNAP handling. Affected products and versions include DIR-822 Rev. B firmware 2.02KRB09 and DIR-822-CA Rev....

CVSS 9.3 | AI score 7.4 | EPSS 0.00334
Exploits: 0 | References: 2
Exploit DB
added 2024/03/12 12:0 a.m. | 276 views

Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE

Exploit Title: Cisco Firepower Management Center Google Dork: non Date: 12/06/2023 Exploit Author: Abdualhadi khalifa Version: 6.2.3.18", "6.4.0.16", "6.6.7.1 CVE : CVE-2023-20048 import requests import json set the variables for the URL, username, and password for the FMC web services interface...

CVSS 9.9 | AI score 9.7 | EPSS 0.15821
Exploits: 4
NVD
added 2024/03/11 4:15 p.m. | 15 views

CVE-2024-23610

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

CVSS 7.8 | AI score 7.9 | EPSS 0.00591
Exploits: 0 | References: 1
Packet Storm
added 2024/03/11 12:0 a.m. | 270 views

DataCube3 1.0 Shell Upload

Exploit Title: DataCube3 v1.0 - Unrestricted file upload 'RCE' Date: 7/28/2022 Exploit Author: Samy Younsi - NS Labs https://neroteam.com Vendor Homepage: https://www.f-logic.jp Software Link: https://www.f-logic.jp/pdf/support/manualproduct/manualproductdatacube3ver1.0sc.pdf Version: Ver1.0 Test...

AI score 7.4 | EPSS 0.2403
Exploits: 6
OpenVAS
added 2024/03/11 12:0 a.m. | 276 views

HP Printer RCE Vulnerability (HPSBPI03917)

Multiple HP printers are prone to a remote code execution (RCE) vulnerability due to a buffer overflow when rendering fonts embedded in a PDF file. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

CVSS 9.8 | AI score 8.4 | EPSS 0.01342
Exploits: 0 | References: 1
Packet Storm
added 2024/03/11 12:0 a.m. | 264 views

Akaunting 3.1.3 Remote Command Execution

Exploit Title: Akaunting 3.1.3 - RCE Date: 08/02/2024 Exploit Author: [email protected] Vendor Homepage: https://akaunting.com Software Link: https://github.com/akaunting/akaunting Version: = 3.1.3 Tested on: Ubuntu 22.04 CVE : CVE-2024-22836 !/usr/bin/python3 import sys import re import requests...

CVSS 9.8 | AI score 7.4 | EPSS 0.30036
Exploits: 3
Exploit DB
added 2024/03/10 12:0 a.m. | 398 views

DataCube3 v1.0 - Unrestricted file upload 'RCE'

Exploit Title: DataCube3 v1.0 - Unrestricted file upload 'RCE' Date: 7/28/2022 Exploit Author: Samy Younsi - NS Labs https://neroteam.com Vendor Homepage: https://www.f-logic.jp Software Link: https://www.f-logic.jp/pdf/support/manualproduct/manualproductdatacube3ver1.0sc.pdf Version: Ver1.0 Test...

CVSS 9.8 | AI score 6.9 | EPSS 0.2403
Exploits: 6
GithubExploit
added 2024/03/09 10:24 p.m. | 312 views

Exploit for CVE-2024-27697

FuguHub 8.4 Authenticated RCE Fuguhub is a Cloud Media Serve...

CVSS 8.8 | AI score 8.7 | EPSS 0.53239
Exploits: 9
Rapid7 Blog
added 2024/03/08 5:0 p.m. | 90 views

Metasploit Wrap-Up 03/08/2024

New module content 2 GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: 18821 contributed by n00bhaxor Path: gather/gitlabtagsrssfeedemaildisclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an...

CVSS 7.5 | AI score 6 | EPSS 0.99753
Exploits: 27
GithubExploit
added 2024/03/08 12:40 p.m. | 245 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

Cyberspace Mapping Dork Fofa app="JETBRAINS-TeamCity...

CVSS 9.8 | AI score 8.8 | EPSS 0.99991
Exploits: 24
Veracode
added 2024/03/08 7:25 a.m. | 12 views

Remote Code Execution (RCE)

paddlepaddle is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of user input in the HDFSClient class within fs.py. This allows an attacker to execute arbitrary commands by injecting malicious input, resulting in Code Injection...

CVSS 9.8 | AI score 8.2 | EPSS 0.01638
Exploits: 1 | References: 4 | Affected Software: 1
The Hacker News
added 2024/03/06 4:58 p.m. | 75 views

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. "The attackers...

CVSS 10 | AI score 9.5 | EPSS 0.99999
Exploits: 420
OSV
added 2024/03/06 11:14 a.m. | 20 views

BIT-TENSORFLOW-2022-23594 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

CVSS 8.8 | AI score 6.9 | EPSS 0.0014
Exploits: 0 | References: 3