11236 matches found
GHSA-3Q76-JQ6M-573P Archive_Tar contains Potential RCE if filename starts with phar://
PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...
Mongoose Prototype Pollution Vulnerability
If an attacker has some way to control an object on the Mongo server through one way or another, it is possible to cause prototype pollution on any Mongoose client. Notably, if a poorly implemented service allows a user to control the object in findByIdAndUpdate and similar functions, this bug...
CVE-2023-37170
TOTOLINK A3300R (V17.0.0cu.557_B20221024) is affected by CVE-2023-37170: an unauthenticated remote code execution via the lang parameter in the setLanguageCfg function. The vulnerability is described in multiple sources as a code execution condition stemming from improper handling of input in the...
Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...
Apache RocketMQ update config RCE
RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...
GHSA-PJ5J-W7MW-W797 Apache Linkis Zip Slip issue
In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...
HtmlUnit Code Injection vulnerability
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage...
Apache Linkis Zip Slip issue
In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...
GHSA-3XRR-7M6P-P7XH HtmlUnit Code Injection vulnerability
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage...
Apache Kylin vulnerable to remote code execution
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...
CVE-2023-36460
CVE-2023-36460 affects Mastodon before the patches: 3.5.0–3.5.8, 4.0.0–4.0.4, and 4.1.0–4.1.2. A media processing flaw allows crafted media files to cause arbitrary files to be created or overwritten at any location the instance can access, enabling Denial of Service and arbitrary Remote Code Exe...
Gila CMS 1.10.9 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Gila CMS 1.10.9 - Remote Code Execution RCE Authenticated Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/ Version: Gila 1.10.9 Tested on: Linux import requests from termcolor import colored from...
D-Link DIR-823G 'EXCU_SHELL' RCE Vulnerability - Active Check
D-Link DIR-823G Routers are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-36821
CVE-2023-36821 affects Uptime Kuma prior to 1.22.1. An authenticated user can install a malicious plugin via the plugin installation flow, where plugins are installed with npm in the plugin directory. The plugin validation relies on an official plugin list and does not disable npm scripts during ...
Exploit for Deserialization of Untrusted Data in Spip
This PoC was wrote quickly, it's nothing special. This e...
Attacks, Vulnerabilities and Actors 26 June to 2 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of four attacks executed, taking advantage of three different vulnerabilities in...
The Bug Report - June 2023 Edition
The Bug Report – June 2023 Edition By Trellix · July 05, 2023 This story was also written by Jesse Chick. Can I have a word with the developers who greenlit these vulns? Why am I here? "To our newcomers, welcome! To our old hands, welcome back!" Iykyk. Every month, we chronicle the disruptive new...
POS Codekop v2.0 - Authenticated Remote Code Execution Vulnerability
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The application does...
CVE-2023-35797
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...
Input validation
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...