Oracle Java SE Security Update (jul2023) 03 - Linux
Oracle Java SE is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CmsMadeSimple v2.2.17 - Remote Code Execution Exploit
Exploit Title: CmsMadeSimple v2.2.17 - Remote Code Execution (RCE) Application: CmsMadeSimple Version: v2.2.17 Bugs: Remote Code Execution (RCE) Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 12-07-2023 Author:...
CVE-2023-22506
This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions...
CVE-2023-22506
CVE-2023-22506 affects Atlassian Bamboo Data Center, introduced in 8.0.0. An authenticated attacker can modify a system call and execute arbitrary code (RCE) with high impact to confidentiality, integrity, and availability, without user interaction. Vulnerable: Bamboo Server/Data Center versions ...
CVE-2023-22508
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high...
CVE-2023-22508
CVE-2023-22508 is a high-severity Remote Code Execution vulnerability in Atlassian Confluence Data Center & Server, introduced in version 6.1.0. The flaw enables an authenticated attacker to execute arbitrary code with high impact to confidentiality, integrity, and availability, without user inte...
CVE-2023-22505
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high...
CVE-2023-22505
CVE-2023-22505 affects Atlassian Confluence Data Center & Server. A remote code execution flaw exists due to insufficient input validation, enabling an authenticated attacker to execute arbitrary code with high impact on confidentiality, integrity, and availability. Affected versions include 8.0....
Remote Code Execution (RCE)
xalpha is vulnerable to Remote Code Execution (RCE). The vulnerability exists in the basicinit function of info.py, which passes user input to eval without validation, allowing an attacker to execute malicious code on the system...
CVE-2023-26512 Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh incubating V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master...
CVE-2021-37384
CVE-2021-37384 affects Furukawa ONU models with vulnerable web interface components (e.g., Furukawa 423-41W/AC before 1.1.4 and LD421-21W before 1.3.3). The root cause is a Remote Code Execution via the web interface that allows unauthenticated remote command execution. Impact is high (as indicat...
CVE-2021-37384
An RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models. This vulnerability allows remote unauthenticated users to send arbitrary commands to the device via the web interface...
Pluck v4.7.18 - Remote Code Execution Exploit
Exploit Title: Pluck v4.7.18 - Remote Code Execution (RCE) Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas Ağalarov Tested on: Linux import reques...
Admidio v4.2.10 - Remote Code Execution Vulnerability
Exploit Title: Admidio v4.2.10 - Remote Code Execution (RCE) Application: Admidio Version: 4.2.10 Bugs: RCE Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 10.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...
Pluck v4.7.18 - Remote Code Execution (RCE)
Exploit Title: Pluck v4.7.18 - Remote Code Execution (RCE) Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas Ağalarov Tested on: Linux import reques...
CVE-2023-36887
CVE-2023-36887 affects Microsoft Edge (Chromium-based). Talos details a memory corruption/type confusion vulnerability in the MSDCPDF Javascript implementation used to process Acrobat-based PDFs, exploitable via specially crafted PDF documents. Affected Edge versions include 112.0.1722.58 and 114...
Improper Input Validation
Apache Airflow Apache Hive Provider is vulnerable to Improper Input Validation. The vulnerability is due to not validating/sanitising the proxyuser option and allowing injection of a semicolon while connecting to Apache Hive using Hive CLI Connection. This can result in bypassing securit...