11233 matches found
Design/Logic Flaw
Craft CMS is an open source content management system. In affected versions of Craft CMS, an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not an empty string ('') in the View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal -...
Ivanti Avalanche FileStoreConfig Shell Upload Exploit
Ivanti Avalanche versions prior to 6.4.0.186 permit MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve remote command execution as NT...
PT-2023-17682 · Undefined · Undefined
Researchers are beginning to disclose the results of their work demonstrated at the Pwn2Own hacking contest held by ZDI in December of last year. Vendors are keeping pace too, though not all of them. Researcher Nguyen Hoang Thach of STAR Labs has published details of two vulnerabilities in VMWare...
K000134671: Paramiko vulnerability CVE-2018-1000805
Security Advisory Description Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity. CVE-2018-1000805 Impact There is no impact; F5...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Critical: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Remote Code Execution (RCE)
vm2 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the unexpected creation of a host object based on the proxy specification, which allows an attacker to break out of the sandbox and execute arbitrary code on the host system...
Ivanti Avalanche FileStoreConfig File Upload
Ivanti Avalanche prior to v6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve RCE as NT AUTHORITY\SYSTEM. Module Options m...
Ivanti Avalanche FileStoreConfig Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Avalanche FileStoreConfig File Upload', 'Description' = %q Ivanti Avalanche prior to v6.4.0.186 permits MS-DOS style short names in the...
CVE-2023-31587
CVE-2023-31587 affects Tenda AC5 router V15.03.06.28. A remote code execution (RCE) vulnerability exists via the Mac parameter at ip/goform/WriteFacMac, arising from insufficient input validation on the Mac field. Documented impact is arbitrary code execution with network access. Several sources ...
Huawei EulerOS: Security Advisory for sysstat (EulerOS-SA-2023-1899)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for sysstat (EulerOS-SA-2023-1930)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Code Injection in Get-Simple Getsimple_Cms
CVE-2022-41544 Exploit scr...
CVE-2022-4774 Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution...
CVE-2022-47386 CODESYS: Multiple products prone to stack based out-of-bounds write
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution...
Microsoft Office 2019 Multiple RCE Vulnerabilities (May 2023) - Mac OS X
This host is missing an important security update for Microsoft Office 2019 on Mac OS X according to Microsoft security update May 2023 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder...
Exploit for CVE-2022-30190
CVE 30190 Amine TITROFINE | December 17, 2022 ------------...
AlmaLinux 9 : sysstat (ALSA-2023:2234)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2234 advisory. - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1,...
Job Portal 1.0 - File Upload Restriction Bypass
/jobportal/applicant/ 2.- Select profile image and load a valid image. 3. Turn Burp/ZAP Intercept On 4. Select webshell - ex: shell.png 5. Alter request in the upload... Update 'filename' to desired extension. ex: shell.php Not necessary to change content type to 'image/png' Example exploitation...
GHSA-2MHH-27V7-3VCX WWBN AVideo command injection vulnerability
WWBN AVideo Authenticated RCE A command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854 which affects WWBN Avideo up to version 12.3 Vulnerable Code...