11233 matches found
Security Updates for Microsoft SharePoint Server 2019 (May 2023)
The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A SharePoint Server spoofing vulnerability. CVE-2023-24950 - A SharePoint Server information disclosure vulnerability. CVE-2023-24950 - A...
Patch Tuesday - May 2023
A less crowded Patch Tuesday for May 2023: Microsoft is offering fixes for just 49 vulnerabilities this month. There are no fixes this month for printer drivers, DNS, or .NET, three components which have featured heavily in recent months. Three zero-day vulnerabilities are patched, alongside a...
Why Attackers Target the Government Industry
Key Takeaways: Government sites are full of information attackers want, so it’s crucial to defend them properly. DDoS is an easy tool for attackers to use to disrupt government sites, which can have far-reaching consequences, as we saw early in the Russia-Ukraine war. Remote code execution (RCE)...
Microsoft Windows AV1 Video Extensions RCE (May 2023)
The Windows 'AV1 Video Extension' app installed on the remote host is affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.
ManageEngine ADAudit Plus Authenticated File Write RCE
This module exploits security issues in ManageEngine ADAudit Plus prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided credentials, retrie...
Exploit for CVE-2021-46703
CVE-2021-46703 Simple payload builder based on POC in: https:/...
Exploit for CVE-2022-21907
CVE-2022-21907-RCE...
CVE-2023-30065
MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function...
Remote code execution
MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function...
Metasploit Weekly Wrap-Up
Throw another log file on the fire: Our own Stephen Fewer authored a module targeting CVE-2023-26360 affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. The vulnerability allows multiple paths to code execution, but our module works by leveraging a...
Ulicms 2023.1 sniffing-vicuna - Remote Code Execution Vulnerability
Exploit Title: Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE) Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: RCE Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip Date o...
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Vulnerability
Exploit Title: Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 (22.4.2) and older CVE: CVE-2022-47875 Introduction...
CVE-2023-29963
S-CMS v5.0 contains an authenticated remote code execution (RCE) vulnerability in the /admin/ajax.php endpoint. CVSS v3.1 indicates Network access, high impact to confidentiality, integrity, and availability (base score 7.2). Exploit details are not provided beyond the authenticated RCE via this ...
Jedox 2022.4.2 RPC Interface Remote Code Execution
Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 (22.4.2) and older CVE: CVE-2022-47879 Introduction...
CVE-2023-30065
CVE-2023-30065 affects MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32, where a remote code execution vulnerability exists in the ping function. The issue is confirmed across multiple feeds (e.g., Red Hat/CNNVD-style entries) and is characterized by an RCE with network access and l...
Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution (RCE) Date: 2023-05-02 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wolf-cms.readthedocs.io Software Link: https://github.com/wolfcms/wolfcms Version: 0.8.3.1 Tested on: Kali Linux Steps to Reproduce Firstly, go to the "Files" ta...
Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update
Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units. The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the...