KLA52239 RCE vulnerability in PostgreSQL
A remote code execution vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: PostgreSQL: CVE-2023-39418: MERGE fails to enforce UPDATE or SELECT row security policies. Related products: PostgreSQL. CVE list: CVE-2023-39418...
KLA52240 RCE vulnerability in PostgreSQL
A remote code execution vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: PostgreSQL: CVE-2023-39417: Extension script @substitutions@ within quoting allow SQL injection. Related products: PostgreSQL. CVE list...
Metabase Setup Token RCE
Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created wi...
GHSA-HPF4-V7V2-95P2 PrestaShop file access through path traversal
Impact: The displayAjaxEmailHTML method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. This vulnerability can be exacerbated when coupled with CWE-502, which pertains to the Deserialization of Untrusted Data. Such a...
PrestaShop file access through path traversal
Impact: The displayAjaxEmailHTML method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. This vulnerability can be exacerbated when coupled with CWE-502, which pertains to the Deserialization of Untrusted Data. Such a...
Exploit for CVE-2023-38646
CVE-2023-38646 Automatic Tools For Metabase RCE Exploit Known...
.NET Core Multiple Vulnerabilities (KB5029688, KB5029689) - Windows
.NET Core is prone to security feature bypass and elevation of privilege vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Debian DSA-5473-1 : orthanc - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5473 advisory. It was discovered that authenticated API users of Orthanc, a DICOM server for medical imaging, could overwrite arbitrary files and in some setups execute arbitrary...
Metabase Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metabase Setup Token RCE', 'Description' = %q Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even...
Patch Tuesday - August 2023
Microsoft is addressing 86 vulnerabilities this August Patch Tuesday, including one zero-day vulnerability, as well as five critical remote code execution (RCE) vulnerabilities, and 12 browser vulnerabilities. An unpatched zero-day malicious document vulnerability from July also receives Windows OS...
CVE-2023-35381 Windows Fax Service Remote Code Execution Vulnerability
...
CVE-2023-29328
Technical details about CVE-2023-29328 are not publicly provided in the supplied documents. Available sources reference a Microsoft Teams RCE but do not specify affected versions, root cause, exploitability, or fixes. Monitor for updates and vendor advisories.
WP Ultimate CSV Importer < 7.9.9 - Author+ RCE
Description: The plugin does not validate imported files, which could allow authors and above roles who have been granted access to the plugin settings to perform RCE...
Remote Code Execution (RCE)
SABnzbd is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a design flaw in the Notification Script functionality. An attacker can exploit this vulnerability by sending a specially crafted request to the SABnzbd web interface. This can be used to execute arbitrary code o...
Remote Code Execution (RCE)
GitLab is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a flaw in the way that GitLab handles group SAML SSO. An attacker can exploit this vulnerability to invite arbitrary users to a group, and then change the user's email address to an attacker-controlled address. Th...
Remote Code Execution (RCE)
GitLab is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the library does not properly validate image files, allowing an attacker to inject and execute malicious commands through the file parser...
CVE-2023-38943
ShuiZe0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini...
Command injection
ShuiZe0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini...
CVE-2023-38943
ShuiZe_0x727 v1.0 contains a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. CVSS 3.1 metrics indicate NETWORK vector, high impact to confidentiality, integrity, and availability (8.8). No remediation details or in‑the‑wild exploitation information are provided...