11233 matches found
CVE-2023-40619
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the...
Apache Druid < 0.20.2 RCE
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker...
RCE (Remote Code Execution) in Bitbucket Data Center and Server - CVE-2022-1471
Summary of Vulnerability: Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE (Remote Code Execution). Atlassian Cloud sites are not affected by this vulnerability. If your site is accessed...
Lexmark Device Embedded Web Server RCE
An unauthenticated Remote Code Execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If...
CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible...
Authentication flaw
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible...
Remote code execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to...
CVE-2023-22513
CVE-2023-22513 is a high-severity remote code execution vulnerability in Bitbucket Data Center/Server, introduced in v8.0.0. An authenticated attacker can execute arbitrary code with high impact on confidentiality, integrity, and availability, with no user interaction. Fixed versions are specifie...
CVE-2023-42793
CVE-2023-42793 affects JetBrains TeamCity prior to 2023.05.4, where an authentication bypass can lead to remote code execution (RCE) on the TeamCity server. Public evidence includes multiple PoC and exploit scripts on GitHub and Exploit-DB describing admin account creation and RCE workflows, with...
Super Store Finder 3.7 Remote Command Execution Vulnerability
Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...
Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
Description: The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE. PoC: On a page where there is a form with a Signature field, run the following code in the web developer console while...
CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible. Recent assessments: sfewer-r7 at September 27, 2023 1:47pm UTC reported: Based on the accompanying Rapid7 Analysis, the attacker value for CVE-2023-42793 is very high given the target produ...
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...
GHSA-R87Q-FQ37-PVR6 A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...
GHSA-3P86-9955-H393 Arbitrary File Overwrite in Eclipse JGit
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...
ThemeBleed exploit is another reason to patch Windows quickly
Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept (PoC) exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures...
CVE-2023-33831
CVE-2023-33831 affects FUXA 1.1.13 via the unauthenticated /api/runscript endpoint, enabling remote code execution through a crafted POST request. The underlying issue allows attackers to execute arbitrary commands, potentially compromising the SCADA/HMI system. Affected component: runscript API ...
Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47386)
An authenticated remote attacker may use a stack-based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
CVE-2023-4994 Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode
The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above to execute code on the server...