11232 matches found

Amazon
added 2024/03/04 12:0 a.m., 39 views

Important: shim

Issue Overview: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive...

8.3 CVSS, 8.8 AI score, 0.04892 EPSS
Exploits 0

Packet Storm
added 2024/03/04 12:0 a.m., 216 views

GL.iNet AR300M 4.3.7 Remote Code Execution

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

9.8 CVSS, 7.4 AI score, 0.23466 EPSS
Exploits 4

OpenVAS
added 2024/03/04 12:0 a.m., 21 views

openSUSE Security Advisory (openSUSE-SU-2024:0031-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 6.8 AI score, 0.84628 EPSS
Exploits 9, References 8

Github Security Blog
added 2024/03/01 8:9 p.m., 31 views

ESPHome vulnerable to remote code execution via arbitrary file write

Summary Security misconfiguration in edit configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. Detail...

8.8 CVSS, 8.3 AI score, 0.01535 EPSS
Exploits 1, References 4, Affected Software 1

NVD
added 2024/03/01 6:15 a.m., 25 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute...

9.3 CVSS, 8 AI score, 0.00994 EPSS
Exploits 2, References 1

Prion
added 2024/03/01 6:15 a.m., 17 views

Remote code execution

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute...

8.7 AI score, 0.00994 EPSS
Exploits 2, References 1

CVE
added 2024/03/01 12:0 a.m., 83 views

CVE-2024-25293

CVE-2024-25293 affects mjml-app versions 3.0.4 and 3.1.0-beta. Multiple sources confirm a remote code execution (RCE) via the href attribute, notably involving the mj-button tag and path traversal, enabling local code execution. An exploit PoC is available (PoC repository linked in connected docu...

9.3 CVSS, 8.2 AI score, 0.00994 EPSS
Exploits 2, References 1, Affected Software 1

CVE
added 2024/03/01 12:0 a.m., 94 views

CVE-2024-22891

CVE-2024-22891 affects Nteract v0.28.0 and is a Remote Code Execution (RCE) via Markdown links. The issue arises from using Electron WebView with nodeIntegration enabled in the Markdown parser, enabling an attacker to achieve RCE by crafting a link or shared file. The CVSS v3.1 impact is high (CV...

9.8 CVSS, 8.1 AI score, 0.01686 EPSS
Exploits 2, References 1, Affected Software 1

Vulnrichment
added 2024/02/29 12:56 p.m., 81 views

CVE-2024-0864 RCE in Laragon

Enabling the Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned...

9.8 AI score, 0.01366 EPSS
Exploits 0, References 3

CVE
added 2024/02/29 12:56 p.m., 102 views

CVE-2024-0864

CVE-2024-0864 affects Laragon when the Simple Ajax Uploader plugin is enabled. The vulnerability arises from improper input validation in a file_upload.php example that can enable remote code execution (RCE). By default, Laragon is not vulnerable unless the plugin is used. Connected sources (Red ...

9.8 CVSS, 9.8 AI score, 0.01366 EPSS
Exploits 0, References 3, Affected Software 1

GithubExploit
added 2024/02/29 10:7 a.m., 391 views

Exploit for Improper Input Validation in Microsoft

CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulne...

9.8 CVSS, 9.8 AI score, 0.99374 EPSS
Exploits 89

GithubExploit
added 2024/02/29 8:57 a.m., 836 views

Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr

Apache-Solr-RCECVE-2023-50386POC Apache Solr Backup/Restor...

8.8 CVSS, 7.3 AI score, 0.8384 EPSS
Exploits 4

CVE
added 2024/02/29 12:0 a.m., 89 views

CVE-2024-27656

CVE-2024-27656 affects D-Link DIR-823G version A1V1.0.2B05, with a buffer overflow in handling the Cookie parameter. The Root Cause is a flaw in the firmware that allows crafted input to overflow a buffer, leading to DoS and potentially remote code execution. Documentation consistently states vul...

8.8 CVSS, 8.4 AI score, 0.00617 EPSS
Exploits 1, References 1, Affected Software 1

Tenable Nessus
added 2024/02/29 12:0 a.m., 21 views

CentOS 9 : nodejs-16.16.0-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...

9.8 CVSS, 7.1 AI score, 0.77278 EPSS
Exploits 13, References 19

OpenVAS
added 2024/02/28 12:0 a.m., 16 views

AXIS OS RCE Vulnerability (Feb 2024)

AXIS OS is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:axis:axisos"; if...

8.8 CVSS, 8 AI score, 0.00684 EPSS
Exploits 0, References 1

NVD
added 2024/02/27 7:4 p.m., 19 views

CVE-2024-27099

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQP_VALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...

9.8 CVSS, 9.5 AI score, 0.0143 EPSS
Exploits 0, References 2

Prion
added 2024/02/27 7:4 p.m., 21 views

Double free

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQP_VALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...

7.5 CVSS, 7.1 AI score, 0.0143 EPSS
Exploits 0, References 2

Vulnrichment
added 2024/02/27 6:58 p.m., 29 views

CVE-2024-27099 Azure IoT Platform Device SDK Double Free Vulnerability

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQP_VALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...

9.8 CVSS, 6.7 AI score, 0.0143 EPSS
Exploits 0, References 2

Cvelist
added 2024/02/27 6:58 p.m., 32 views

CVE-2024-27099 Azure IoT Platform Device SDK Double Free Vulnerability

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQP_VALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...

9.8 CVSS, 9.6 AI score, 0.0143 EPSS
Exploits 0, References 2

CVE
added 2024/02/27 6:58 p.m., 151 views

CVE-2024-27099

CVE-2024-27099 affects the Azure uAMQP C library (AMQP 1.0) and is caused by a double-free when processing an incorrect AMQP_VALUE failed state, which may lead to remote code execution. The vulnerability is addressed by updating the submodule to commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987. Se...

9.8 CVSS, 9.4 AI score, 0.0143 EPSS
Exploits 0, References 2, Affected Software 1