11233 matches found
GHSA-G3M9-PR5M-4CVP Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-27604
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-27604
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
Authorization
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-40195 Apache Airflow Spark Provider Deserialization Vulnerability RCE
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...
CVE-2023-27604 Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-27604 Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
CVE-2023-27604
CVE-2023-27604 affects the Apache Airflow Sqoop Provider, versions before 4.0.0. The weakness allows an authenticated attacker with permissions to create/edit connections to pass parameters via a connection (for example, via sqoop import --connect), enabling remote code execution and obtaining Ai...
Exploit for Improper Access Control in Citrix Sharefile_Storage_Zones_Controller
CVE-2023-24489-poc POC for CVE-2023-24489 with bash. It need...
Exploit for CVE-2023-21939
JDK CVE-2023-21939 文章链接https://mp.weixin.qq.com/s?biz=M...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36...
Juniper Junos OS Pre-Auth RCE (JSA72300)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA72300 advisory. - A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX and SRX Series allows an unauthenticated, network-based attacker to...
Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller
Citrix ADC RCE CVE-2023-3519 Exploit Guide This document prov...
CVE-2023-40572 XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality,...
The Tale of Two Exploits - Breaking Down CVE-2023-36884 and the Infection Chain
The Tale of Two Exploits - Breaking Down CVE-2023-36884 and the Infection Chain By Chintan Shah · August 24, 2023 Executive Summary On July 11 2023, Microsoft released a patch fixing multiple actively exploited RCE vulnerabilities and disclosed a phishing campaign conducted by the threat actor,...
Gitea 1.20.x < 1.20.1 RCE Vulnerability
Gitea is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitea:gitea";...
The Tale of Two Exploits - Breaking Down CVE-2023-36884 and the Infection Chain
The Tale of Two Exploits - Breaking Down CVE-2023-36884 and the Infection Chain By Trellix · August 24, 2023 This blog was written by Chintan Shah Executive Summary On July 11 2023, Microsoft released a patch fixing multiple actively exploited RCE vulnerabilities and disclosed a phishing campaign...
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
Impact The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. To reproduce, the XWiki syntax...
SugarCRM 12.2.0 PHP Object Injection
------------------------------------------------------------------------------- SugarCRM = 12.2.0 DocusignGlobalSettings PHP Object Injection Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions...
Ubuntu 22.04 LTS / 23.04 : PHP vulnerabilities (USN-6305-1)
The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6305-1 advisory. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information...