11236 matches found
CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
FortiNAC - java untrusted object deserialization RCE
A deserialization of untrusted data vulnerability CWE-502 in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service...
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the filename parameter...
CVE-2023-36348
POS Codekop v2.0 contains an authenticated remote code execution (RCE) vulnerability stemming from insufficient sanitization of the filename parameter in the edit flow (/upload path). Specifically, the flaw allows an authenticated attacker to upload a PHP file via the filename field and access it...
CVE-2023-34939
The CVE-2023-34939 issue affects Onlyoffice Community Server prior to v12.5.2, with a remote code execution (RCE) flaw in the UploadProgress.ashx component. The root cause is described as errors in handling the relative path to a directory with limited access, enabling an attacker to execute arbi...
ROS-20230621-06
The vulnerability in ImageMagick graphical editor is related to writing outside and buffer overflow on a heap-based buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a crash of the of the application. The vulnerability in the ImageMagick graphical...
CVE-2023-34939
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution RCE vulnerability via the component UploadProgress.ashx...
D-Link D-View 8 Path Traversal RCE (CVE-2023-32165)
Binary data dlinkdview8cve-2023-32165.nbin...
GHSA-47P7-XFCC-4PV9 php-imap vulnerable to RCE through a directory traversal vulnerability
Summary An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability which results in a remote code execution vulnerability. Details An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-im...
HP Printer RCE Vulnerability (HPSBPI03849)
Multiple HP printer are prone to a remote code execution RCE vulnerability when running HP Workpath solutions on potentially affected products. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective righ...
Exploit for Out-of-bounds Write in Readymedia_Project Readymedia
CVE-2023-33476 ReadyMedia MiniDLNA versions from 1.1.15 u...
CVE-2023-2359
CVE-2023-2359 affects the Slider Revolution WordPress plugin up to version 6.6.12. The vulnerability arises from not validating image files on import, enabling an arbitrary file upload that may lead to Remote Code Execution in certain server configurations. Affected component: Slider Revolution p...
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 Openfire Console Authentication Bypass Vulnerab...
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2023-27997 Vulnerability Assessment Tool Safely detect wh...
CVE-2023-30625 rudder-server vulnerable to SQL Injection
rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...
CVE-2023-30625
Rudder-server (RudderStack CDP) prior to version 1.3.0-rc.1 is affected by an SQL injection that can lead to remote code execution because the postgres user rutde_rudder is granted superuser privileges by default. Affected component: rudder-server in RudderStack; vulnerability is triggered via SQ...
WinSCP < 5.17.10 RCE
The version of WinSCP installed on the remote Windows host is prior to 5.17.10. It is, therefore, affected by a remote code execution vulnerability that allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. For example, th...
Desktop APP XSS to RCE
๐๏ธ Requirements The user must load the malicious configuration and click on the buttons. ๐ Description This exploitation relies on several issues which chained together lead to an RCE. In the following subsection, I will try to explain it as best I can. ๐ Not sanitized HTML injection In the...
PyLoad 0.5.0 Remote Code Execution
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution RCE Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
CVE-2023-34252 Grav Server-side Template Injection via Insufficient Validation in filterFilter
Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the GravExtension.filterFilter function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a...