CVE-2023-22516
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code...
CVE-2023-22521
CVE-2023-22521 concerns Atlassian Crowd Data Center and Server. The vulnerability is an authenticated remote code execution (RCE) affecting the 3.4.6 baseline, with CVSS metrics indicating high impact on confidentiality, integrity, and availability and no user interaction required. Atlassian reco...
CVE-2023-4424
A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device...
Buffer overflow
A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device...
CVE-2023-4424 bt: hci: DoS and possible RCE
A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device...
CVE-2023-4424
CVE-2023-4424 affects Zephyr OS Bluetooth: a malicious BLE device can trigger a buffer overflow by sending malformed advertising packets, potentially causing DoS or remote code execution on the victim device. The issue is linked to the HCI Bluetooth controller path (le_advertising_report) and ste...
WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE
Description: The plugin does not validate and sanitise the wpquery parameter, which allows an attacker to run arbitrary commands on the remote server. 1. Go to "All Export" "New Export" 2. Select "WP Query Results" as the export type 3. Enter the payload phpinfo for the query. 4. Click customize and...
CVE-2023-48292 XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...
Click Stocks 1.3 - File Upload Remote Code Execution Vulnerability
Title: Click Stocks-1.3 - File Upload - RCE Author: nu11secur1ty Vendor: https://codecanyon.net/user/media-city Software: https://codecanyon.net/item/click-stocks-free-stock-photos-laravel-script/23356416 Reference: https://portswigger.net/web-security/file-upload,...
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604-RCE Vulnerability A deserialization vulnerab...
Exploit for Incorrect Comparison in Dynamic-Linq Linq
Dynamic Linq injection to RCE - CVE-2023-32571 About Dynami...
CVE-2023-44351 Adobe ColdFusion RCE Security Vulnerability
Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction...
CVE-2023-22273 ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...
Microsoft’s November 2023 Patch Tuesday Addresses Five Zero-day Vulnerabilities
Summary: In the November Patch Tuesday release, Microsoft addressed a total of 63 CVEs, including three zero-day vulnerabilities. Within this range of vulnerabilities, the security update covered the typic...
CVE-2023-41101
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. getquery in httpmicrohttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions...
CVE-2023-46214 Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance...
CVE-2023-36008
CVE-2023-36008, Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability, is evidenced in connected sources as a remote code execution issue affecting Microsoft Edge (Chromium-based). The OpenVAS/Nessus entries corroborate an RCE vulnerability referenced with Edge versions around the 1...