CVE-2022-44276
In Responsive Filemanager 9.12.0, an attacker can bypass upload restrictions resulting in RCE...
RCE (Remote Code Execution) in Confluence Data Center & Server
This High severity RCE (Remote Code Execution) vulnerability, known as CVE-2023-22505, was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high...
CVE-2023-2068
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...
Design/Logic Flaw
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...
CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...
CVE-2023-2068
The CVE-2023-2068 issue affects the WordPress File Manager Advanced Shortcode plugin (versions
Exploit for Code Injection in Apache Commons_Text
CVE-2022-42889 Text4Shell Testing Script This repository co...
WordPress File Manager Advanced Shortcode Plugin <= 2.3.2 is vulnerable to Remote Code Execution (RCE)
Software: File Manager Advanced Shortcode; Type: Plugin; Vulnerable versions: <= 2.3.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-2068; Patch priority: High; CVSS severity: High (10); PSID: f57871788c33; Credits: Mateus Machado Tesser...
Job Board 1.0 Shell Upload
CVE-2020-20210
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images...
Remote code execution
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images...
CVE-2020-20210
Bludit 3.9.2 is affected by CVE-2020-20210, a Remote Code Execution (RCE) vulnerability exploitable via the /admin/ajax/upload-images endpoint. Public sources consistently describe an RCE risk on this version (high impact). The CVE is documented across multiple feeds (NVD, Red Hat, OSV, CNVD, CVE...
CVE-2023-1721 Yoga Class Registration System 1.0 - RCE
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...
CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
FortiNAC - java untrusted object deserialization RCE
A deserialization of untrusted data vulnerability (CWE-502) in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service...
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter...