11233 matches found
CVE-2023-22524
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code...
CVE-2023-22523
CVE-2023-22523 affects Atlassian’s Jira Service Management Assets Discovery (formerly Insight Discovery) where the vulnerability exists in the communication between the Assets Discovery application and the Assets Discovery agent. The issue enables privileged Remote Code Execution on systems runni...
CVE-2023-22522
CVE-2023-22522 is an RCE flaw in Atlassian Confluence Data Center and Server caused by a template injection vulnerability that lets an authenticated (including anonymous) attacker inject unsafe input into a Confluence page. Affected versions include Confluence Data Center/Server releases prior to...
Atlassian Confluence 8.6.x < 8.6.2 Template Injection
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 4.x prior to 7.19.17, 8.x prior to 8.4.5, 8.5.x prior to 8.5.4, 8.6.x prior to 8.6.2 or 8.7.x prior to 8.7.1. It is, therefore, affected by a template injection vulnerability which...
Atlassian Confluence 8.7.x < 8.7.1 Template Injection
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 4.x prior to 7.19.17, 8.x prior to 8.4.5, 8.5.x prior to 8.5.4, 8.6.x prior to 8.6.2 or 8.7.x prior to 8.7.1. It is, therefore, affected by a template injection vulnerability which...
Atlassian Confluence 4.x < 7.19.17 Template Injection
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 4.x prior to 7.19.17, 8.x prior to 8.4.5, 8.5.x prior to 8.5.4, 8.6.x prior to 8.6.2 or 8.7.x prior to 8.7.1. It is, therefore, affected by a template injection vulnerability which...
CVE-2023-48859
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...
CVE-2023-48859
TOTOLINK A3002RU (version 2.0.0-B20190902.1958) is affected by a post-authentication remote code execution due to improper access control. The vulnerability allows bypass of front-end security restrictions and arbitrary code execution after authentication. No concrete exploit details, affected co...
Atlassian Confluence 8.5.x < 8.5.4 Template Injection
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 4.x prior to 7.19.17, 8.x prior to 8.4.5, 8.5.x prior to 8.5.4, 8.6.x prior to 8.6.2 or 8.7.x prior to 8.7.1. It is, therefore, affected by a template injection vulnerability which...
Atlassian Confluence 8.x < 8.4.5 Template Injection
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 4.x prior to 7.19.17, 8.x prior to 8.4.5, 8.5.x prior to 8.5.4, 8.6.x prior to 8.6.2 or 8.7.x prior to 8.7.1. It is, therefore, affected by a template injection vulnerability which...
CVE-2023-49070 Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10...
CVE-2023-49070
CVE-2023-49070 is a pre-auth RCE in Apache OFBiz up to version 18.12.09, caused by an unused XML-RPC component that remains present. Affected product: Apache OFBiz before 18.12.10 (and related CVE-2023-51467 authentication-bypass vector). The severity is high (CVSS v3.1 base score 9.8) with netwo...
RCE in Confluence Data Center and Server - CVE-2023-22522
h2. Summary of Vulnerability This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve RCE on an affected instance. Confluence Data Center and...
CVE-2023-48691
Azure RTOS NetX Duo contains an out-of-bounds write in the IGMP-related path (RTOS v6.2.1 and below) that could allow remote code execution. The vulnerability affects the NetX Duo TCP/IP stack used in embedded/IoT contexts. The publicly documented fix is in NetX Duo release 6.3.0; upgrading is ad...
CVE-2023-49070
Pre-auth RCE in Apache Ofbiz 18.12.09. It’s due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 Recent assessments: cbeek-r7 at January 03, 2024 8:34am UTC reported: CVE-2023-49070 is a critical...
WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)
Software Astra Pro Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-49830 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 4758946ebae8 Credits Rafie Muhammad Patchstack Required...
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Summary HtmlUnit 3.8.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessortransformorg.htmlunit.activex.javascript.msxml.XMLDOMNode The reason for the vulnerability is th...
Remote code execution
The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE Remote Code Execution vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges...
CVE-2023-5762 Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext
The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE Remote Code Execution vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges...
CVE-2023-5762
The CVE concerns the Filr WordPress plugin prior to version 1.2.3.6, which is vulnerable to Remote Code Execution (RCE) via a file upload with a phar extension. This allows an attacker with Author-level privileges to execute commands on the server, potentially fully compromising the hosting envir...