Exploit for Code Injection in Vmware Spring_Cloud_Function

Exploit for RCE in Spring Cloud CVE 2022-22963 Exploit for...

Security Bulletin: Due to the use of Apache spring-web, IBM ECM Content Management Interoperability Services (CMIS) is affected by remote code execution (RCE) security vulnerability CVE-2016-1000027

Summary IBM ECM Content Management Interoperability Services CMIS is affected by Apache spring-web security vulnerability CVE-2016-1000027 , affected, not vulnerable. Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivota Spring Framework could allow a remote attacker to execute arbitra...

Ubuntu 18.04 LTS / 20.04 LTS : Apache Log4j 2 vulnerabilities (USN-5222-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5222-1 advisory. It was discovered that Apache Log4j 2 was vulnerable to remote code execution RCE attack when configured to use a JDBC Appender with a JNDI...

Security Bulletin: IBM Planning Analytics Workspace has addressed a vulnerability in SnakeYaml (CVE-2022-1471)

Summary IBM Planning Analytics Workspace is vulnerable to a Remote Code Execution RCE in SnakeYaml. SnakeYaml has been upgraded in IBM Planning Analytics Workspace. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary co...

Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

TinyWebGallery 2.5 Shell Upload

Exploit Title: TinyWebGallery v2.5 - Remote Code Execution RCE Application: TinyWebGallery Version: v2.5 Bugs: RCE Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023 Author: Mirabbas...

Roxy WI 6.1.0.0 Remote Command Execution

Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...

GetSimple CMS 3.3.16 Shell Upload

Exploit Title: GetSimple CMS v3.3.16 - Remote Code Execution RCE Data: 18/5/2023 Exploit Author : Youssef Muhammad Vendor: Get-simple Software Link: Version app: 3.3.16 Tested on: linux CVE: CVE-2022-41544 import sys import hashlib import re import requests from xml.etree import ElementTree from...

SitemagicCMS 4.4.3 Shell Upload

Exploit Title: SitemagicCMS 4.4.3 Remote Code Execution RCE Application: SitemagicCMS Version: 4.4.3 Bugs: RCE Technology: PHP Vendor URL: https://sitemagic.org/Download.html Software Link: https://github.com/Jemt/SitemagicCMS Date of found: 14-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

PaperCut NG/MG 22.0.4 Remote Code Execution

Exploit Title: PaperCut NG/MG 22.0.4 - Remote Code Execution RCE Date: 13 May 2023 Exploit Author: Mohin Paramasivam Shad0wQu35t and MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests import argparse Grouppayload =...

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...

SitemagicCMS 4.4.3 - Remote Code Execution Vulnerability

Exploit Title: SitemagicCMS 4.4.3 Remote Code Execution RCE Application: SitemagicCMS Version: 4.4.3 Bugs: RCE Technology: PHP Vendor URL: https://sitemagic.org/Download.html Software Link: https://github.com/Jemt/SitemagicCMS Date of found: 14-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

Exploit Title: PaperCut NG/MG 22.0.4 - Remote Code Execution RCE Date: 13 May 2023 Exploit Author: Mohin Paramasivam Shad0wQu35t and MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests import argparse Grouppayload =...

TinyWebGallery v2.5 - Remote Code Execution (RCE)

Exploit Title: TinyWebGallery v2.5 - Remote Code Execution RCE Application: TinyWebGallery Version: v2.5 Bugs: RCE Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023 Author: Mirabbas...

TinyWebGallery v2.5 - Remote Code Execution Vulnerability

Exploit Title: TinyWebGallery v2.5 - Remote Code Execution RCE Application: TinyWebGallery Version: v2.5 Bugs: RCE Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023 Author: Mirabbas...

Craft CMS vulnerable to Remote Code Execution via unrestricted file extension

Summary Unrestricted file extension lead to a potential Remote Code Execution Authenticated, ALLOWADMINCHANGES=true Details Vulnerability Cause : If the name parameter value is not empty string'' in the View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal - resolveTemplate...

GHSA-VQXF-R9PH-CC9C Craft CMS vulnerable to Remote Code Execution via unrestricted file extension

Summary Unrestricted file extension lead to a potential Remote Code Execution Authenticated, ALLOWADMINCHANGES=true Details Vulnerability Cause : If the name parameter value is not empty string'' in the View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal - resolveTemplate...

CVE-2023-32336

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. Root cause: insecure deserialization in the RMI handler. Impact: remote code execution with high confidentiality, integrity, and availability implications...

Remote Code Execution (RCE)

umbracocms is vulnerable to Remote Code Execution RCE. Lack of proper checking of supplied user inputs via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx allows an attacker to upload and execute malicious code on the system...

AlmaLinux 8 : sysstat (ALSA-2023:2800)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2800 advisory. - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1,...