11233 matches found
WordPress Booking Calendar, Appointment Booking System Plugin < 3.2.2 File Upload Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdevart:bookingcalendar"; if description...
CVE-2023-51812
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList...
CVE-2023-51812
The CVE-2023-51812 vulnerability affects Tenda AX3 v16.03.12.11, exploitable via the list parameter in /goform/SetNetControlList. The root cause is failure to properly filter elements in the constructed code segment, enabling remote code execution with network access and no user interaction. CVSS...
CMSMS 2.2.19 Arbitrary File Upload
Title: cmsms-2.2.19 - File Upload - RCE; Author: nu11secur1ty; Date: 12/29/2023; Vendor: https://www.cmsmadesimple.org/; Software: https://www.cmsmadesimple.org/downloads-header/cmsms/; Reference: https://portswigger.net/web-security/file-upload,...
CVE-2023-39157 WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE)
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.10...
CVE-2023-50651
CVE-2023-50651 affects TOTOLINK X6000R v9.4.0cu.852_B20230719, with a remote command execution vulnerability in the /cgi-bin/cstecgi.cgi component. The root cause is improper handling/filtering of constructed command characters, enabling arbitrary command execution. Impact is described as complet...
Imperva defends customers against recent vulnerabilities in Apache OFBiz
On December 26, researchers from SonicWall Capture Labs discovered an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. This bug has a CVSS score of 9.8 and allows attackers to achieve server-side request forgery (SSRF) by bypassing the program’s authentication. This...
CVE-2023-50571
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule...
CVE-2023-51420 WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Remote Code Execution (RCE)
Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2...
CVE-2023-47840 WordPress Qode Essential Addons Plugin <= 1.5.2 is vulnerable to Remote Code Execution (RCE)
Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2...
CVE-2023-22677 WordPress WP Booklet Plugin <= 2.1.8 is vulnerable to Remote Code Execution (RCE)
Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet: from n/a through 2.1.8...
WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE
Description: The plugin accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allow high privilege users such as administrator to upload an executable file type leading to remote code...
CVE-2023-50571
CVE-2023-50571 affects easy-rules-mvel v4.1.0, with a remote code execution (RCE) vulnerability exploitable via the MVELRule component. The available sources in the provided documents identify the affected software and the existence of RCE, but do not include concrete patch versions or remediatio...
CVE-2023-46987
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php...
CVE-2023-46987
CVE-2023-46987 affects SeaCMS v12.9 and is described as a remote code execution (RCE) vulnerability exploitable via the /augap/adminip.php component. The issue is consistently reported across multiple sources (NVD, Red Hat, CNNVD, PRION/Prio-n, CVE list, etc.) with SeaCMS v12.9 identified as vuln...
Exploit for Missing Authorization in Zoneminder
Exploit - ZoneMinder CVE-2023-26035 There is a Unauthentica...
Exploit for CVE-2023-6553
CVE-2023-6553 PoC LFI to RCE Unauthenticated Remote Code Ex...
WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Remote Code Execution (RCE)
Software: Verge3D; Type: Plugin; Vulnerable versions: <= 4.5.2; Fixed in: 4.5.3; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-51420; Patch priority: Medium; CVSS severity: Medium 9.1; PSID: ab5d91bd1b2c; Credits: Rafie Muhammad Patchstack; Required...