
11234 matches found

Information Security Automation
added 2023/03/27 12:25 a.m. | 98 views

Microsoft Patch Tuesday March 2023: Outlook EoP, MOTW Bypass, Excel DoS, HTTP/3 RCE, ICMP RCE, RPC RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays. Alternative video link for Russia: As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I...

7.5 CVSS | 9.5 AI score | 0.97408 EPSS
Exploits 19

Packet Storm
added 2023/03/27 12:0 a.m. | 171 views

Webgrind 1.1 Cross Site Scripting / Remote Code Execution

Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 1...

6.8 AI score
Exploits 0

Cvelist
added 2023/03/27 12:0 a.m. | 21 views

CVE-2023-25868 Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Stager versions 2.0.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS | 7.9 AI score | 0.00396 EPSS
Exploits 0 | References 1

Packet Storm
added 2023/03/27 12:0 a.m. | 185 views

WebTareas 2.4 Remote Shell Upload

Exploit Title: WebTareas 2.4 - RCE Authorized Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on: Windows 10...

6.8 AI score
Exploits 0

0day.today
added 2023/03/27 12:0 a.m. | 259 views

WiFi Mouse 1.8.3.2 - Remote Code Execution Exploit

Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution RCE Author: Payal Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.2 Tested on: Windows 10 Pro Build 21H2 Desktop Server software used by mobile app has PIN option which does not prevent...

6.8 AI score
Exploits 0

0day.today
added 2023/03/27 12:0 a.m. | 149 views

Zentao Project Management System 17.0 - Authenticated Remote Code Execution Exploit

Exploit Title: Zentao Project Management System 17.0 - Authenticated Remote Code Execution RCE Exploit Author: mister0xf Software Link: https://github.com/easysoft/zentaopms Version: tested on 17.0 probably works also on newer/older versions Tested On: Kali Linux 2022.2 Exploit Tested Using: Pyth...

6.8 AI score
Exploits 0

0day.today
added 2023/03/27 12:0 a.m. | 156 views

Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution Vulnerability

Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 10 using XAMPP Vulnerability...

6.8 AI score
Exploits 0

Exploit DB
added 2023/03/27 12:0 a.m. | 139 views

Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE)

Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 1...

7.4 AI score
Exploits 0

Exploit DB
added 2023/03/27 12:0 a.m. | 180 views

Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)

Exploit Title: Zentao Project Management System 17.0 - Authenticated Remote Code Execution RCE Exploit Author: mister0xf Date: 2022-10-8 Software Link: https://github.com/easysoft/zentaopms Version: tested on 17.0 probably works also on newer/older versions Tested On: Kali Linux 2022.2 Exploit...

7.4 AI score
Exploits 0

Exploit DB
added 2023/03/27 12:0 a.m. | 175 views

MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution (RCE)

Exploit Title: MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution RCE Exploit Author: LiquidWorm MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP svdrpsend.sh Exploit Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4...

7.4 AI score
Exploits 0

Exploit DB
added 2023/03/27 12:0 a.m. | 184 views

WebTareas 2.4 - RCE (Authorized)

Exploit Title: WebTareas 2.4 - RCE Authorized Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on: Windows 10...

7.4 AI score
Exploits 0

GithubExploit
added 2023/03/26 1:11 p.m. | 208 views

Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics

CVE-2022-24637 Unauthenticated RCE in Open Web Analytics versi...

9.8 CVSS | 9.5 AI score | 0.99134 EPSS
Exploits 14

Kitploit
added 2023/03/26 11:30 a.m. | 113 views

Waf-Bypass - Check Your WAF Before An Attacker Does

WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...

8.2 AI score
Exploits 0 | References 1

Github Security Blog
added 2023/03/24 9:57 p.m. | 26 views

TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8 CVSS | 9.1 AI score | 0.00831 EPSS
Exploits 1 | References 4 | Affected Software 3

Rapid7 Blog
added 2023/03/24 6:33 p.m. | 63 views

Metasploit Weekly Wrap-Up

Zyxel Routers Beware This week we've released a module written by first time community contributor shr70 that can exploit roughly 45 different Zyxel router and VPN models. The module exploits a buffer overflow vulnerability that results in unauthenticated remote code execution on affected devices...

7.5 CVSS | 9.7 AI score | 0.99134 EPSS
Exploits 22

Huntr
added 2023/03/24 4:23 a.m. | 28 views

XSS to RCE found in Trilium

Vulnerability Type Remote Code Execution RCE Authentication Required? No Affected Location - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output Issue Summary The application contains a vulnerability where HTML characters within the title name of...

6.2 AI score
Exploits 0 | References 1

Packet Storm
added 2023/03/24 12:0 a.m. | 454 views

Joomla! 4.2.7 Unauthenticated Information Disclosure

!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...

5.3 CVSS | 5.9 AI score | 0.99827 EPSS
Exploits 43

Kaspersky
added 2023/03/24 12:0 a.m. | 36 views

KLA48688 RCE vulnerability in LibreOffice

Remote code execution vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories Empty entry in Java class path risks arbitrary code execution Related products LibreOffice CVE list CVE-2022-38745 critical Solution Update t...

7.8 CVSS | 8.5 AI score | 0.00872 EPSS
Exploits 0 | References 3

Github Security Blog
added 2023/03/23 8:0 p.m. | 32 views

baserCMS File Uploader Remote Code Execution (RCE) vulnerability

Impact There is a Remote Code Execution RCE Vulnerability on the management system of baserCMS. Target baserCMS 4.7.3 and earlier versions Patches Update to the latest version of baserCMS Credits 島峰泰平@三井物産セキュアディレクション株式会社...

9.8 CVSS | 9.2 AI score | 0.01533 EPSS
Exploits 0 | References 7 | Affected Software 1

CVE
added 2023/03/23 7:22 p.m. | 136 views

CVE-2023-25654

The CVE-2023-25654 entry affects baserCMS prior to version 4.7.5, revealing a Remote Code Execution (RCE) vulnerability in the management system. The incident is documented across multiple sources (NVD/Red Hat/EUVD/GHSA) indicating a total impact if exploited, with a released patch in baserCMS 4....

9.8 CVSS | 9.7 AI score | 0.01533 EPSS
Exploits 0 | References 5 | Affected Software 1