11236 matches found

Vulnrichment
• added 2023/06/23 8:37 p.m. • 12 views

CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...

9 CVSS | 7.6 AI score | 0.03191 EPSS
Exploits 1 | References 5
Fortinet
• added 2023/06/23 12:0 a.m. • 44 views

FortiNAC - java untrusted object deserialization RCE

A deserialization of untrusted data vulnerability CWE-502 in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service...

7.6 AI score | 0.24296 EPSS
Exploits 0 | Affected Software 1
Cvelist
• added 2023/06/23 12:0 a.m. • 41 views

CVE-2023-36348

POS Codekop v2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the filename parameter...

9.3 AI score | 0.06366 EPSS
Exploits 4 | References 3
CVE
• added 2023/06/23 12:0 a.m. • 40 views

CVE-2023-36348

POS Codekop v2.0 contains an authenticated remote code execution (RCE) vulnerability stemming from insufficient sanitization of the filename parameter in the edit flow (/upload path). Specifically, the flaw allows an authenticated attacker to upload a PHP file via the filename field and access it...

8.8 CVSS | 9 AI score | 0.06366 EPSS
Exploits 4 | References 3 | Affected Software 1
CVE
• added 2023/06/22 12:0 a.m. • 188 views

CVE-2023-34939

The CVE-2023-34939 issue affects Onlyoffice Community Server prior to v12.5.2, with a remote code execution (RCE) flaw in the UploadProgress.ashx component. The root cause is described as errors in handling the relative path to a directory with limited access, enabling an attacker to execute arbi...

9.8 CVSS | 9.9 AI score | 0.05033 EPSS
Exploits 1 | References 3 | Affected Software 1
Redos
• added 2023/06/22 12:0 a.m. • 28 views

ROS-20230621-06

The vulnerability in ImageMagick graphical editor is related to writing outside and buffer overflow on a heap-based buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a crash of the application. The vulnerability in the ImageMagick graphical...

9.8 CVSS | 7.5 AI score | 0.08011 EPSS
Exploits 5
Cvelist
• added 2023/06/22 12:0 a.m. • 21 views

CVE-2023-34939

Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution RCE vulnerability via the component UploadProgress.ashx...

10 AI score | 0.05033 EPSS
Exploits 1 | References 3
Tenable Nessus
• added 2023/06/22 12:0 a.m. • 23 views

D-Link D-View 8 Path Traversal RCE (CVE-2023-32165)

Binary data dlinkdview8cve-2023-32165.nbin...

9.8 CVSS | 9.7 AI score | 0.73315 EPSS
Exploits 0 | References 2
OSV
• added 2023/06/21 9:58 p.m. • 26 views

GHSA-47P7-XFCC-4PV9 php-imap vulnerable to RCE through a directory traversal vulnerability

Summary An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability which results in a remote code execution vulnerability. Details An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-im...

9 CVSS | 9.7 AI score | 0.03191 EPSS
Exploits 1 | References 7
OpenVAS
• added 2023/06/21 12:0 a.m. • 18 views

HP Printer RCE Vulnerability (HPSBPI03849)

Multiple HP printers are prone to a remote code execution (RCE) vulnerability when running HP Workpath solutions on potentially affected products. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective righ...

9.8 CVSS | 9.9 AI score | 0.01465 EPSS
Exploits 0 | References 1
GithubExploit
• added 2023/06/20 1:13 a.m. • 815 views

Exploit for Out-of-bounds Write in Readymedia_Project Readymedia

CVE-2023-33476 ReadyMedia MiniDLNA versions from 1.1.15 u...

9.8 CVSS | 9.5 AI score | 0.02061 EPSS
Exploits 2
CVE
• added 2023/06/19 10:52 a.m. • 1653 views

CVE-2023-2359

CVE-2023-2359 affects the Slider Revolution WordPress plugin up to version 6.6.12. The vulnerability arises from not validating image files on import, enabling an arbitrary file upload that may lead to Remote Code Execution in certain server configurations. Affected component: Slider Revolution p...

8.8 CVSS | 8.9 AI score | 0.0254 EPSS
In wild | Exploits 2 | References 2 | Affected Software 1
GithubExploit
• added 2023/06/18 3:42 p.m. • 694 views

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315 Openfire Console Authentication Bypass Vulnerab...

8.6 CVSS | 8.1 AI score | 0.99999 EPSS
Exploits 15
GithubExploit
• added 2023/06/16 8:15 p.m. • 539 views

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2023-27997 Vulnerability Assessment Tool Safely detect wh...

9.8 CVSS | 10 AI score | 0.85689 EPSS
Exploits 10
Cvelist
• added 2023/06/16 4:4 p.m. • 54 views

CVE-2023-30625 rudder-server vulnerable to SQL Injection

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...

8.8 CVSS | 9.5 AI score | 0.85825 EPSS
Exploits 4 | References 8
CVE
• added 2023/06/16 4:4 p.m. • 99 views

CVE-2023-30625

Rudder-server (RudderStack CDP) prior to version 1.3.0-rc.1 is affected by an SQL injection that can lead to remote code execution because the postgres user rutde_rudder is granted superuser privileges by default. Affected component: rudder-server in RudderStack; vulnerability is triggered via SQ...

8.8 CVSS | 9.1 AI score | 0.85825 EPSS
In wild | Exploits 4 | References 8 | Affected Software 1
Tenable Nessus
• added 2023/06/16 12:0 a.m. • 181 views

WinSCP < 5.17.10 RCE

The version of WinSCP installed on the remote Windows host is prior to 5.17.10. It is, therefore, affected by a remote code execution vulnerability that allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. For example, th...

10 CVSS | 7.8 AI score | 0.07408 EPSS
Exploits 0 | References 2
Huntr
• added 2023/06/15 1:14 p.m. • 41 views

Desktop APP XSS to RCE

๐Ÿ”’๏ธ Requirements The user must load the malicious configuration and click on the buttons. ๐Ÿ“ Description This exploitation relies on several issues which chained together lead to an RCE. In the following subsection, I will try to explain it as best I can. ๐Ÿ’‰ Not sanitized HTML injection In the...

7.5 CVSS | 6.4 AI score | 0.0194 EPSS
Exploits 1
Packet Storm
• added 2023/06/15 12:0 a.m. • 454 views

PyLoad 0.5.0 Remote Code Execution

Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution RCE Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...

9.8 CVSS | 7.1 AI score | 0.96988 EPSS
Exploits 13
OSV
• added 2023/06/14 9:38 p.m. • 28 views

CVE-2023-34252 Grav Server-side Template Injection via Insufficient Validation in filterFilter

Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the GravExtension.filterFilter function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a...

8.8 CVSS | 8.1 AI score | 0.02074 EPSS
Exploits 1 | References 6