Exploit for Deserialization of Untrusted Data in Spip

This is a proof of concept CVE-2023-27372 SPIP RCE vulnerabi...

CVE-2023-0925

Summary (CVE-2023-0925): Software AG webMethods OneData 10.11 is exposed with an embedded Azul Zulu Java 11.0.15 that runs a Java RMI registry on port 2099 and two RMI interfaces on a high, dynamically assigned port. An unauthenticated attacker with network access to these ports can instruct the ...

CVE-2023-39935

Archer C5400 firmware versions prior to 'Archer C5400JPV2230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands...

CVE-2023-40357

CVE-2023-40357 affects multiple TP-LINK routers (Archer AX50, A10, AX10, AX11000). The issue stems from improper filtration of command-related characters, allowing a network-adjacent authenticated attacker to execute arbitrary OS commands via the device. Affected firmware versions are: Archer AX5...

My Account Page Editor < 1.3.2 - Subscriber+ Arbitrary File Upload

Description The plugin does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE PoC Prerequisite: This vulnerability requires the "Upload Profile Picture" option to be enabled, which isn't th...

SUSE SLES15: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (SUSE-SU-2023:3528-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3528-1 advisory. - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. bsc1214106 - CVE-2023-3824:...

Debian dla-3555 : libapache2-mod-php7.3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3555 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3555-1 [email protected]...

CVE-2023-39358

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the reportsuser.php file. In...

CVE-2023-21554 - QueueJumper - MSMQ RCE Check

This module checks the provided hosts for the CVE-2023-21554 vulnerability by sending a MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

Design/Logic Flaw

UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API...

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

CVE-2023-40743

Apache Axis 1.x is affected by CVE-2023-40743 due to unsafe handling in ServiceFactory.getService, which can enable DoS, SSRF, and remote code execution when untrusted input is used. The issue arises from LDAP-like lookups via the API. Mitigation is to migrate to a maintained SOAP engine (e.g., A...

Exploit for CVE-2023-4634

CVE-2023-4634 RCE Exploit for Wordpress Plugin Media-Library P...

CVE-2023-39681

CVE-2023-39681 affects Cuppa CMS v1.0, with a remote code execution (RCE) vulnerability exposed via the email_outgoing parameter in /Configuration.php. The issue is triggered by a crafted payload, enabling an attacker with network access and no privileges to execute code, with high impact to conf...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService

When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SS...