11233 matches found
CVE-2024-22638
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php...
CVE-2023-40547 Shim: rce in http boot support may lead to secure boot bypass
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...
Exploit for Improper Authentication in Ivanti Connect_Secure
PoC exploit for CVE-2023-46805, an RCE vulnerability in Ivanti...
Internet Bug Bounty: Pickle deserialization vulnerability in XComs
CVE-2023-50943: Apache Airflow: Potential pickle deserialization vulnerability in XComs Severity: low Affected versions: - Apache Airflow before 2.8.1 Description: Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the...
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE...
Exploit for Injection in Atlassian Confluence_Data_Center
CVE-2023-22527 CVE-2023-22527 - RCE Remote Code Execution...
CVE-2024-22636
PluXml Blog v5.8.9 contains a remote code execution (RCE) vulnerability in the Static Pages feature, exploitable by injecting a crafted payload into the Content field. Affected product: PluXml Blog 5.8.9. Root cause details are not fully defined across the supplied sources, but multiple feeds ran...
Lexmark Printer RCE Vulnerability (CVE-2023-50734)
Multiple Lexmark printer devices are prone to remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFI...
CVE-2024-22638
CVE-2024-22638 affects liveSite v2019.1 and describes a remote code execution (RCE) vulnerability exploitable via the web components "/livesite/edit_designer_region.php" and "/livesite/add_email_campaign.php". The CVSS 3.1 base metrics indicate a critical impact (C:H, I:H, A:H) with network acces...
Cisco Unified Communications Manager RCE (cisco-sa-cucm-rce-bWNzQcUm)
According to its self-reported version, Cisco Unified Communications Manager running on the report host is affected by a remote code execution (RCE) vulnerability. Due to improper processing of user-provided data that is being read into memory, an unauthenticated, remote attacker can execute...
Cisco Unity Connection RCE (cisco-sa-cucm-rce-bWNzQcUm)
According to its self-reported version, Cisco Unity Connection running on the report host is affected by a remote code execution (RCE) vulnerability. Due to improper processing of user-provided data that is being read into memory, an unauthenticated, remote attacker can execute arbitrary code with...
CVE-2024-22636
Removed by vendor...
Exploit for Injection in Atlassian Confluence_Data_Center
CVE-2023-22527 CVE-2023-22527 - RCE Remote Code Execution Vu...
GHSA-VPH5-2Q33-7R9H Arbitrary file read vulnerability in Git server Plugin can lead to RCE
Jenkins Git server Plugin uses the args4j library to parse command arguments and options on the Jenkins controller when processing Git commands received via SSH. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents...
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
Jenkins Git server Plugin uses the args4j library to parse command arguments and options on the Jenkins controller when processing Git commands received via SSH. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents...
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment. Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character...
OPENSUSE-SU-2024:0031-1 Security update for cacti, cacti-spine
This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.26: Fix: Errors when uptime OID is not present Fix: MySQL reconnect option is depreciated Fix: Spine does not check a host with no poller items Fix: Poller may report the wrong number of devices polled Feature: Allow...
PRTG Authenticated Remote Code Execution Exploit
class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-3314 / CVE-2024-23897 Arbitrary file read vulnerability through the CLI can lead to RCE Description High SECURITY-3315 / CVE-2024-23898 Cross-site WebSocket hijacking vulnerability in the CLI...
Exploit for Injection in Atlassian Confluence_Data_Center
CVE-2023-22527 An Exploitation tool to exploit the confluence...