11233 matches found

GithubExploit
added 2023/12/14 9:32 a.m. | 653 views

Exploit for Code Injection in Apache Ofbiz

ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For C...

CVSS 9.8 | AI score 9.5 | EPSS 0.95442
Exploits: 11
GithubExploit
added 2023/12/14 9:12 a.m. | 460 views

Exploit for CVE-2023-22524

Atlassian Companion RCE Vulnerability Proof of Concept CVE-20...

CVSS 9.8 | AI score 9.4 | EPSS 0.24725
Exploits: 2
NVD
added 2023/12/14 7:15 a.m. | 20 views

CVE-2023-48085

Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component commandtest.php...

CVSS 9.8 | EPSS 0.75844
Exploits: 0 | References: 1
CVE
added 2023/12/14 12:0 a.m. | 42 views

CVE-2023-45894

CVE-2023-45894 affects the Parallels Remote Application Server (RAS). The vulnerability stems from the RAS not segmenting virtualized applications from the server, enabling a remote attacker to achieve remote code execution via kiosk-breakout techniques on versions prior to 19.2.23975. Reported s...

CVSS 10 | AI score 9.6 | EPSS 0.01205
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/12/14 12:0 a.m. | 248 views

CVE-2023-48085

Nagios XI prior to 5.11.3 contains a Remote Code Execution (RCE) vulnerability in the command_test.php component (Core Config Manager). Root cause referenced as insufficient neutralization/validation in command_test.php, enabling arbitrary code execution. Affected versions: Nagios XI

CVSS 9.8 | AI score 9.8 | EPSS 0.75844
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/12/14 12:0 a.m. | 24 views

CVE-2023-48085

Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component commandtest.php...

AI score 10 | EPSS 0.75844
Exploits: 0 | References: 1
GithubExploit
added 2023/12/13 5:59 p.m. | 688 views

Exploit for CVE-2023-4636

CVE-2023-4636 - The vulnerability in the limelight is an unau...

CVSS 4.8 | AI score 8.1 | EPSS 0.0088
Exploits: 2
Malwarebytes
added 2023/12/13 4:39 p.m. | 49 views

Microsoft patches 34 vulnerabilities, including one zero-day

December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units (CPUs), was shifted by AMD to software developers. Th...

CVSS 7.5 | AI score 7.9 | EPSS 0.92817
Exploits: 15
Cvelist
added 2023/12/13 1:30 p.m. | 27 views

CVE-2023-48632 ZDI-CAN-22172: Adobe After Effects AEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe After Effects versions 24.0.3 and earlier and 23.6.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVSS 7.8 | AI score 8 | EPSS 0.00338
Exploits: 0 | References: 1
Veracode
added 2023/12/13 6:48 a.m. | 40 views

Insecure Deserialization/Unsafe Attributes Merge

phenx/php-svg-lib is vulnerable to Insecure Deserialization. The vulnerability is caused due to unsafe attributes such as href, xlink:href and id while merging attributes from the tag to the tag when handling a tag that references an tag. This can lead to an unsafe file read that can cause PHAR...

CVSS 9.8 | AI score 6.7 | EPSS 0.23903
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2023/12/13 12:0 a.m. | 30 views

Atlassian Confluence < Companion-2.0.0 / < Companion-2.0.1 (CONFSERVER-93518)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93518 advisory: RCE Vulnerability in Atlassian Companion App for MacOS (CVE-2023-22524). Note that Nessus has not tested for this issue but has instead relied only o...

CVSS 9.8 | AI score 8.7 | EPSS 0.24725
Exploits: 2 | References: 2
Tenable Nessus
added 2023/12/13 12:0 a.m. | 48 views

Atlassian Confluence 6.13.x < 7.13.18 / 7.14.x < 7.19.10 / 7.20.x < 8.3.1 (CONFSERVER-91463)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-91463 advisory: RCE (Remote Code Execution) in Confluence Data Center and Server (CVE-2022-1471). Note that Nessus has not tested for this issue but has instead relied...

CVSS 9.8 | AI score 7.5 | EPSS 0.99615
Exploits: 7 | References: 2
OpenVAS
added 2023/12/13 12:0 a.m. | 41 views

VMware Spring Framework RCE Vulnerability (Spring4Shell, SpringShell) - Active Check

The VMware Spring Framework is prone to a remote code execution (RCE) vulnerability dubbed...

CVSS 9.8 | AI score 10 | EPSS 0.99677
Exploits: 100 | References: 16
Rapid7 Blog
added 2023/12/12 9:6 p.m. | 78 views

Patch Tuesday - December 2023

Microsoft is addressing 34 vulnerabilities this December Patch Tuesday, including a single zero-day vulnerability and three critical remote code execution (RCE) vulnerabilities. December Patch Tuesday has historically seen fewer patches than a typical month, and this trend continues in 2023. This...

CVSS 6.8 | AI score 8.7 | EPSS 0.92817
Exploits: 3
Metasploit
added 2023/12/12 7:52 p.m. | 661 views

Splunk Authenticated XSLT Upload RCE

This Metasploit module exploits a Remote Code Execution (RCE) vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requir...

CVSS 8.8 | AI score 8.9 | EPSS 0.89066
Exploits: 4
CVE
added 2023/12/12 6:10 p.m. | 91 views

CVE-2023-35629

CVE-2023-35629 concerns the Microsoft USBHUB 3.0 Device Driver Remote Code Execution vulnerability in Windows. The OpenVAS entry links CVE-2023-35629 to the Windows USB Mass Storage Class Driver (table showing CVE-2023-35629 with a “Executing random code” impact), indicating the issue manifests a...

CVSS 6.8 | AI score 7.6 | EPSS 0.00855
Exploits: 0 | References: 1 | Affected Software: 3
GithubExploit
added 2023/12/12 2:44 p.m. | 196 views

Exploit for Missing Authorization in Zoneminder

Zoneminder Unauthenticated RCE via Snapshots CVE-2023-26035...

CVSS 9.8 | AI score 8.4 | EPSS 0.80462
Exploits: 11
The Hacker News
added 2023/12/12 5:23 a.m. | 110 views

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path...

CVSS 10 | AI score 9.8 | EPSS 0.99999
Exploits: 59
wpexploit
added 2023/12/12 12:0 a.m. | 272 views

Backup Migration < 1.3.8 - Unauthenticated RCE

Description: The plugin is vulnerable to Remote Code Execution via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated...

CVSS 9.8 | AI score 10 | EPSS 0.97846
Exploits: 14 | References: 1
NVD
added 2023/12/11 8:15 a.m. | 17 views

CVE-2023-49964

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE...

CVSS 8.8 | EPSS 0.34684
Exploits: 1 | References: 2