11233 matches found

NVD
added 2023/09/25 4:15 p.m. | 14 views

CVE-2023-4521

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

CVSS 9.8 | AI score 9.6 | EPSS 0.39554
Exploits 2 | References 1

NVD
added 2023/09/25 4:15 p.m. | 14 views

CVE-2023-0625

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0...

CVSS 9.8 | AI score 8.2 | EPSS 0.00739
Exploits 0 | References 1

NVD
added 2023/09/25 4:15 p.m. | 25 views

CVE-2023-0626

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0...

CVSS 9.8 | AI score 8.3 | EPSS 0.00739
Exploits 0 | References 1

Prion
added 2023/09/25 4:15 p.m. | 18 views

Code injection

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

CVSS 7.5 | AI score 9.5 | EPSS 0.39554
Exploits 2 | References 1 | Affected Software 1

CVE
added 2023/09/25 3:56 p.m. | 105 views

CVE-2023-4521

The CVE-2023-4521 entry concerns the Import XML and RSS Feeds WordPress plugin. Affected versions prior to 2.1.5 allow unauthenticated RCE via a web shell; the vulnerability arises from PoC files being left behind and not deleted when releasing version 2.1.5. The plugin/vendor themselves were not...

CVSS 9.8 | AI score 9.6 | EPSS 0.39554
Exploits 2 | References 1 | Affected Software 1

Cvelist
added 2023/09/25 3:56 p.m. | 22 views

CVE-2023-4521 Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

AI score 9.8 | EPSS 0.39554
Exploits 2 | References 1

Vulnrichment
added 2023/09/25 3:56 p.m. | 5 views

CVE-2023-4521 Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

AI score 9.6 | EPSS 0.39554
Exploits 2 | References 1

CVE
added 2023/09/25 3:56 p.m. | 76 views

CVE-2023-4300

The CVE-2023-4300 entry concerns the WordPress plugin Import XML and RSS Feeds, prior to version 2.1.4. The root cause is failure to filter file extensions for uploaded files, enabling an attacker to upload a PHP file and achieve Remote Code Execution. Public details across sources confirm the af...

CVSS 7.2 | AI score 7.4 | EPSS 0.01698
Exploits 2 | References 1 | Affected Software 1

CVE
added 2023/09/25 3:31 p.m. | 79 views

CVE-2023-0626

CVE-2023-0626 affects Docker Desktop prior to 4.12.0, where an RCE vulnerability exists via query parameters in the message-box route. Root cause is an insecure handling of query parameters in the message-box endpoint, leading to remote code execution with high impact on confidentiality, integrit...

CVSS 9.8 | AI score 8.3 | EPSS 0.00739
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2023/09/25 3:31 p.m. | 12 views

CVE-2023-0626 Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0...

CVSS 8 | AI score 6.9 | EPSS 0.00739
Exploits 0 | References 1

Vulnrichment
added 2023/09/25 3:31 p.m. | 11 views

CVE-2023-0625 Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0...

CVSS 8 | AI score 6.8 | EPSS 0.00739
Exploits 0 | References 1

Cvelist
added 2023/09/25 3:31 p.m. | 17 views

CVE-2023-0625 Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0...

CVSS 8 | AI score 9.5 | EPSS 0.00739
Exploits 0 | References 1

CVE
added 2023/09/25 3:31 p.m. | 50 views

CVE-2023-0625

Docker Desktop before 4.12.0 is vulnerable to remote code execution via a crafted extension description or changelog. Affected software is Docker Desktop (pre-4.12.0); impact is high/critical per CVSS. The issue arises from how extensions describe themselves or their changelogs, enabling RCE. Rem...

CVSS 9.8 | AI score 8.2 | EPSS 0.00739
Exploits 0 | References 1 | Affected Software 1

Rapid7 Blog
added 2023/09/22 6:04 p.m. | 48 views

Metasploit Weekly Wrap-Up

Improved Ticket Forging: Metasploit’s admin/kerberos/forgeticket module has been updated to work with Server 2022. In Windows Server 2022, Microsoft started requiring additional new PAC elements to be present - the PAC requestor and PAC attributes. The newly forged tickets will have the necessary...

CVSS 7.5 | AI score 9.3 | EPSS 0.997
Exploits 13

The Hacker News
added 2023/09/22 8:00 a.m. | 115 views

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new...

CVSS 8.8 | AI score 7.3 | EPSS 0.51547
Exploits 1

CVE
added 2023/09/22 12:00 a.m. | 48 views

CVE-2023-43270

CVE-2023-43270 concerns the web app dst-admin v1.5.0, where a Remote Command Execution (RCE) flaw is triggered by the userId parameter at the /home/playerOperate endpoint. The vulnerability is described across multiple sources as an RCE in dst-admin v1.5.0 with a CVSSv3.1 base score of 9.8 (CRITI...

CVSS 9.8 | AI score 9.7 | EPSS 0.01447
Exploits 1 | References 1 | Affected Software 1

Vulnrichment
added 2023/09/22 12:00 a.m. | 12 views

CVE-2023-43270

dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate...

AI score 7.7 | EPSS 0.01447
Exploits 1 | References 1

OpenVAS
added 2023/09/22 12:00 a.m. | 20 views

Netatalk 3.1.x < 3.1.17 RCE Vulnerability

Netatalk is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netatalk:netatalk...

CVSS 9.8 | AI score 9.8 | EPSS 0.01793
Exploits 0 | References 2

Prion
added 2023/09/21 8:15 a.m. | 21 views

Design/Logic Flaw

In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this...

CVSS 7.5 | AI score 9.6 | EPSS 0.01041
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2023/09/21 6:17 a.m. | 10 views

CVE-2023-4291 Frauscher FDS101 for FAdC/FAdCi remote code execution vulnerability

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device...

CVSS 9.8 | AI score 7.9 | EPSS 0.01003
Exploits 0 | References 1