11233 matches found

CVE
added 2023/04/24 12:0 a.m. | 49 views

CVE-2023-27849

CVE-2023-27849 affects rails-routes-to-json v1.0.0 and is described as a remote code execution (RCE) vulnerability triggered via the child_process function. Public entries consistently indicate network-based exploitation with high impact to confidentiality, integrity, and availability. No specifi...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.01782
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2023/04/24 12:0 a.m. | 20 views

CVE-2023-27849

rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function...

AI score: 10 | EPSS: 0.01782
Exploits: 1 | References: 2
Cvelist
added 2023/04/24 12:0 a.m. | 19 views

CVE-2023-27848

broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function...

AI score: 10 | EPSS: 0.01859
Exploits: 1 | References: 2
CVE
added 2023/04/24 12:0 a.m. | 51 views

CVE-2023-27848

CVE-2023-27848 affects broccoli-compass v0.2.4. A remote code execution (RCE) vulnerability exists via the child_process function, allowing execution of attacker-controlled code. Impact is high (C:H/I:H/A:H) per the CVSS 3.1 data; exploitation is network-borne with no user interaction and no privi...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.01859
Exploits: 1 | References: 2 | Affected Software: 1
Rapid7 Blog
added 2023/04/21 6:2 p.m. | 108 views

Metasploit Weekly Wrap-Up

VMware Workspace ONE Access exploit chain. A new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. First being CVE-2022-22956, which is an authentication bypass and the second being a JDBC injection in...

CVSS: 7.5 | AI score: 10.3 | EPSS: 0.99637
Exploits: 35
The Hacker News
added 2023/04/20 1:53 p.m. | 29 views

Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases

A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorize...

AI score: 8.4
Exploits: 0
Packet Storm
added 2023/04/20 12:0 a.m. | 334 views

ProjeQtOr Project Management System 10.3.2 Shell Upload

Exploit Title: ProjeQtOr Project Management System 10.3.2 -Remote Code Execution RCE Application: ProjeQtOr Project Management System Version: 10.3.2 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://www.projeqtor.org Software Link:...

AI score: 6.8
Exploits: 0
0day.today
added 2023/04/20 12:0 a.m. | 236 views

FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution Exploit

Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests def mainrhost,...

AI score: 7.1
Exploits: 0
Exploit DB
added 2023/04/20 12:0 a.m. | 341 views

FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...

AI score: 7.4
Exploits: 0
0day.today
added 2023/04/20 12:0 a.m. | 441 views

Microsoft Word 16.72.23040900 - Remote Code Execution Vulnerability

Exploit Title: Microsoft Word 16.72.23040900 - Remote Code Execution RCE Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.02719
Exploits: 3
0day.today
added 2023/04/20 12:0 a.m. | 321 views

Serendipity 2.4.0 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Serendipity 2.4.0 - Remote Code Execution RCE Authenticated Application: Serendipity Version: 2.4.0 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found:...

AI score: 6.8
Exploits: 0
0day.today
added 2023/04/20 12:0 a.m. | 306 views

Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution Exploit

!/usr/bin/env python """ Exploit Title: Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution RCE Exploit Author: max / Zoltan Padanyi Vendor Homepage: https://exchange.nagios.org/directory/Addons/Configuration/Lilac-2DReloaded/visit Software Link:...

AI score: 7.4
Exploits: 0
0day.today
added 2023/04/20 12:0 a.m. | 223 views

ProjeQtOr Project Management System 10.3.2 - Remote Code Execution Vulnerability

Exploit Title: ProjeQtOr Project Management System 10.3.2 -Remote Code Execution RCE Application: ProjeQtOr Project Management System Version: 10.3.2 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://www.projeqtor.org Software Link:...

AI score: 6.8
Exploits: 0
Packet Storm
added 2023/04/20 12:0 a.m. | 345 views

FUXA 1.1.13-1186 Remote Code Execution

Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...

AI score: 6.8
Exploits: 0
Exploit DB
added 2023/04/20 12:0 a.m. | 339 views

Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Serendipity 2.4.0 - Remote Code Execution RCE Authenticated Application: Serendipity Version: 2.4.0 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found:...

AI score: 7.4
Exploits: 0
Wiz blog
added 2023/04/19 1:0 p.m. | 17 views

#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services

A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack...

AI score: 6.9
Exploits: 0
wpexploit
added 2023/04/19 12:0 a.m. | 165 views

Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload

The plugin does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution. As an unauthenticated user access a form containing a File Upload form...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.01785
Exploits: 2
OpenVAS
added 2023/04/19 12:0 a.m. | 20 views

D-Link DAP-1320 < 1.21b05 RCE Vulnerability

D-Link DAP-1320 devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 10 | AI score: 7.7 | EPSS: 0.0329
Exploits: 0 | References: 2
Metasploit
added 2023/04/18 7:43 p.m. | 288 views

VMware Workspace ONE Access VMSA-2022-0011 exploit chain

This module combines two vulnerabilities in order to achieve remote code execution in the context of the horizon user. The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.49899
Exploits: 6
ATTACKERKB
added 2023/04/18 12:0 a.m. | 64 views

CVE-2023-21932

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: OXI. The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

CVSS: 7.2 | AI score: 8.6 | EPSS: 0.44684
In wild | Exploits: 0 | References: 3