11233 matches found

Vulnrichment
added 2023/08/04 8:33 p.m., 10 views

CVE-2023-39346 bjrjk/LinuxASMCallGraph before commit 20dba06 allows attackers to cause a RCE on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file

LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of...

8.8 CVSS, 7.6 AI score, 0.00927 EPSS
Exploits: 0, References: 4
Rapid7 Blog
added 2023/08/04 7:3 p.m., 98 views

Metasploit Weekly Wrap-Up

Fly High in the Sky With This New Cloud Exploit! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter, this module gains access to the target,...

10 CVSS, 10.7 AI score, 0.99445 EPSS
Exploits: 37
OSV
added 2023/08/04 3:30 p.m., 19 views

GHSA-W7VM-4V3J-VGPW PyroCMS remote code execution vulnerability

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...

9.8 CVSS, 9.9 AI score, 0.4111 EPSS
Exploits: 4, References: 4
NVD
added 2023/08/04 3:15 p.m., 11 views

CVE-2023-29689

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...

9.8 CVSS, 9.9 AI score, 0.4111 EPSS
Exploits: 4, References: 2
Packet Storm
added 2023/08/04 12:0 a.m., 194 views

Webedition CMS 2.9.8.8 Remote Code Execution

Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution (RCE); Application: webedition Cms; Version: v2.9.8.8; Bugs: RCE; Technology: PHP; Vendor URL: https://www.webedition.org/; Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1; Date of found: 03.08.2023; Author:...

7.1 AI score
Exploits: 0
CVE
added 2023/08/04 12:0 a.m., 89 views

CVE-2023-29689

CVE-2023-29689 affects PyroCMS 3.9 and is a remote code execution via server-side template injection (SSTI). Public writeups and exploits indicate exploitation requires an authenticated user with admin access (e.g., /admin) and show commands executed against the server. The vulnerability stems fr...

9.8 CVSS, 9.9 AI score, 0.4111 EPSS
Exploits: 4, References: 2, Affected Software: 1
Vulnrichment
added 2023/08/04 12:0 a.m., 9 views

CVE-2023-29689

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...

8.5 AI score, 0.4111 EPSS
Exploits: 4, References: 2
Packet Storm
added 2023/08/04 12:0 a.m., 343 views

Webutler 3.2 Shell Upload

Exploit Title: Webutler v3.2 - Remote Code Execution (RCE); Application: webutler Cms; Version: v3.2; Bugs: RCE; Technology: PHP; Vendor URL: https://webutler.de/en; Software Link: http://webutler.de/download/webutlerv3.2.zip; Date of found: 03.08.2023; Author: Mirabbas Ağalarov; Tested on: Linux; 2. Technic...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/04 12:0 a.m., 332 views

Citrix ADC (NetScaler) Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler Forms SSO Target RCE', 'Description' = %q A vulnerability exists within Citrix ADC that allows an unauthenticated attacker t...

9.8 CVSS, 7.1 AI score, 0.99445 EPSS
Exploits: 16
Cvelist
added 2023/08/04 12:0 a.m., 27 views

CVE-2023-29689

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...

10 AI score, 0.4111 EPSS
Exploits: 4, References: 2
0day.today
added 2023/08/04 12:0 a.m., 389 views

Webedition CMS v2.9.8.8 - Remote Code Execution Exploit

Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution (RCE); Application: webedition Cms; Version: v2.9.8.8; Bugs: RCE; Technology: PHP; Vendor URL: https://www.webedition.org/; Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1; Date of found: 03.08.2023; Author:...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2023/08/04 12:0 a.m., 1316 views

PHP 8.0.x < 8.0.30 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.0.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.30 advisory. - In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR...

9.8 CVSS, 7.9 AI score, 0.08003 EPSS
Exploits: 4, References: 3
0day.today
added 2023/08/04 12:0 a.m., 206 views

ReyeeOS 1.204.1614 - MITM Remote Code Execution Exploit

Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE); Google Dork: None; Exploit Author: Riyan Firmansyah of Seclab; Vendor Homepage: https://ruijienetworks.com; Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204; Version: ReyeeOS 1.204.1614...

7.1 AI score
Exploits: 0
Exploit DB
added 2023/08/04 12:0 a.m., 277 views

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE); Google Dork: None; Date: July 31, 2023; Exploit Author: Riyan Firmansyah of Seclab; Vendor Homepage: https://ruijienetworks.com; Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204; Version...

7.4 AI score
Exploits: 0
Metasploit
added 2023/08/03 7:50 p.m., 553 views

Intelliants Subrion CMS 4.2.1 - Authenticated File Upload Bypass to RCE

This module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence...

7.2 CVSS, 8 AI score, 0.64261 EPSS
Exploits: 10
Metasploit
added 2023/08/03 7:50 p.m., 365 views

Citrix ADC (NetScaler) Forms SSO Target RCE

A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root. Module Options msf use...

9.8 CVSS, 9.6 AI score, 0.99445 EPSS
Exploits: 16
NVD
added 2023/08/03 7:15 p.m., 14 views

CVE-2023-38942

Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloudconfig.json...

9.8 CVSS, 9.7 AI score, 0.01649 EPSS
Exploits: 1, References: 2
OSV
added 2023/08/03 7:15 p.m., 19 views

CVE-2023-38942

Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloudconfig.json...

9.8 CVSS, 7.9 AI score
Exploits: 0, References: 2
Patchstack
added 2023/08/03 12:0 a.m., 15 views

WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE)

Software: JetElements For Elementor; Type: Plugin; Vulnerable versions: <= 2.6.10; Fixed in: 2.6.11; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-39157; Patch priority: High; CVSS severity: High (9); Developer: Crocoblock; PSID: d71d233fe4f0; Credits: Rafie Muhammad Patchstack...

9 CVSS, 7.2 AI score, 0.00585 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2023/08/03 12:0 a.m., 147 views

CVE-2023-36298

CVE-2023-36298: The connected sources identify a file-upload vulnerability in DedeCMS v5.7.109 that can lead to remote code execution (RCE). The records do not specify the root cause details, affected subcomponents, exact exploit vectors, or a published fix/patch version. No in-the-wild exploita...

8.8 CVSS, 8.9 AI score, 0.01202 EPSS
Exploits: 1, References: 1, Affected Software: 1