CVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function...
CVE-2024-22903
CVE-2024-22903 affects Vinchin Backup & Recovery v7.2 and earlier. The vulnerability is an authenticated remote code execution via the deleteUpdateAPK function in SystemHandler.class.php, caused by improper handling/validation of the file_name input leading to command injection (exec). Impact is ...
CVE-2024-22903
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function...
CVE-2024-22899
Vinchin Backup & Recovery v7.2 (and earlier) has an authenticated remote code execution (RCE) vulnerability in the syncNtpTime function. The issue stems from the ntphost handling in SystemHandler.class.php, where user-controlled input can be injected into a system command, enabling arbitrary comm...
CVE-2024-22900
CVE-2024-22900 affects Vinchin Backup & Recovery (versions 7.2 and earlier). An authenticated attacker can trigger command injection via the setNetworkCardInfo(NAME) path, where user-supplied NAME is used in system commands, enabling remote code execution. Public writeups describe exploitation th...
Mirth Connect Deserialization RCE
A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...
Lexmark Printer RCE Vulnerability (CVE-2023-50735)
Multiple Lexmark printer devices are prone to a remote code execution (RCE) vulnerability.
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Summary: Fix bypass to the following bugs: https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m and https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35. Allows injecting directly into the app.ini via CRLF to change the value of testconfigcmd and startcm...
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Summary: The Import Certificate feature allows arbitrary file writes to the system. The feature does not check whether the provided user input is a certificate/key and allows writing to arbitrary paths in the system...
GHSA-XVQ9-4VPV-227M Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Summary: The Import Certificate feature allows arbitrary file writes to the system. The feature does not check whether the provided user input is a certificate/key and allows writing to arbitrary paths in the system...
CVE-2024-23828 Nginx-UI authenticated RCE through injecting into the application config via CRLF
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 CVE-2024-23897 - Arbitrary file read vulne...
Exploit for Path Traversal in Jenkins
poc-cve-2024-23897 this code is my attempt to...
Metasploit Weekly Wrap-Up 01/26/24
Direct Syscalls Support for Windows Meterpreter Direct system calls are a well-known technique that is often used to bypass EDR/AV detection. This technique is particularly useful when dynamic analysis is performed, where the security software monitors every process on the system to detect any...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 Jenkins CVE-2024-23897: Arbitrary File Read Vul...
CVE-2023-6159
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible for an attacker to trigger a Regular Expression Denial of Service via a Cargo.toml containing maliciously crafted input...
AlmaLinux 9 : php:8.1 (ALSA-2024:0387)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0387 advisory. php: 1-byte array overrun in common path resolve code (CVE-2023-0568); php: DoS vulnerability when parsing multipart request body (CVE-2023-0662); php: Missing...
Atlassian Confluence SSTI Injection
This module exploits an SSTI injection in Atlassian Confluence servers. A specially...
Atlassian Confluence 8.0 < 8.5.4 (CONFSERVER-93833) (Direct Check)