11234 matches found
SolarWinds Information Service (SWIS) .NET Deserialization From AMQP RCE
The SolarWinds Information Service SWIS is vulnerable to RCE by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead to OS command...
CVE-2022-28685
AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000) is affected by CVE-2022-28685, a Deserialization of untrusted data vulnerability in the APP file parsing path. The flaw arises from inadequate validation of user-supplied data, enabling arbitrary code execution when a victim opens a malicious APP ...
CVE-2022-37377
CVE-2022-37377 affects Foxit PDF Editor 11.1.1.53537. The issue is a type confusion caused by an improper optimization in JavaScript handling, enabling remote code execution. Exploitation requires user interaction (target visits a malicious page or opens a malicious file). The vulnerability is as...
Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution Exploit
Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows...
Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
Exploit Title: Internet Download Manager v6.41 Build 3 - Remote Code Execution RCE Date: 15.11.2022 Exploit Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.internetdownloadmanager.com/ Software Link:...
Ubuntu 16.04 ESM / 18.04 LTS : Nette vulnerability (USN-5983-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5983-1 advisory. Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issu...
BoxBilling 4.22.1.5 Remote Code Execution
Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...
CVE-2023-25894 ZDI-CAN-19543: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
Adobe Dimension versions 3.4.7 and earlier is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-25879 ZDI-CAN-19389: Adobe Dimension OBJ File Improper Input Validation Remote Code Execution
Adobe Dimension versions 3.4.7 and earlier is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-27821
Databasir v1.0.7 contains a remote code execution (RCE) vulnerability exploitable via the mockDataScript parameter (CVE-2023-27821). The CVSSv3.1 base score is 9.8 (CRITICAL) with NETWORK attack vector and no user interaction. Connected documents corroborate RCE via mockDataScript and indicate Po...
SolarWinds Information Service (SWIS) Remote Command Execution Exploit
The SolarWinds Information Service SWIS is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead t...
SolarWinds Information Service (SWIS) Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/amqp/version091' class MetasploitModule 'SolarWinds Information Service SWIS .NET Deserialization From AMQP RCE', 'Description' = %q The SolarWinds...
CVE-2023-25901 ZDI-CAN-19508: Adobe Dimension USD File Improper Input Validation Remote Code Execution Vulnerability
Adobe Dimension versions 3.4.7 and earlier is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Beauty Salon 1.0 Remote Shell Upload
Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 10.12.2022 Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...
Beauty salon v1.0 - Remote Code Execution Exploit
Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...
Beauty-salon v1.0 - Remote Code Execution (RCE)
Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 10.12.2022 Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...
CVE-2023-25828
Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...
Design/Logic Flaw
Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...
CVE-2023-25828 Authenticate Remote Code Execution in Pluck CMS
Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...
CVE-2023-25828
Pluck CMS (authenticated) is vulnerable to remote code execution via the albums module. A lack of file extension validation allows uploading a crafted JPEG payload containing an embedded PHP web-shell, which an authenticated admin can access to achieve RCE on the web server. Affected: Pluck CMS a...