11234 matches found
CVE-2023-28676
CVE-2023-28676 describes a cross-site request forgery (CSRF) vulnerability in the Jenkins Convert To Pipeline Plugin, version 1.0 and earlier. The flaw allows an attacker to create a Pipeline based on a Freestyle project, which can potentially lead to remote code execution (RCE). Public reference...
Monitorr 1.7.6m / 1.7.7d Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monitorr unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits an arbitrary file upload vulnerability and achieving...
Bitbucket v7.0.0 - RCE
Exploit Title: Bitbucket v7.0.0 - RCE Date: 09-23-2022 Exploit Author: khal4n1 Vendor Homepage: https://github.com/khal4n1 Tested on: Kali and ubuntu LTS 22.04 CVE : cve-2022-36804 The following exploit is used to exploit a vulnerability present Atlassian Bitbucket Server and Data Center 7.0.0...
CVE-2023-27060
LightCMS v1.3.7 was discovered to contain a remote code execution RCE vulnerability via the image:make function...
CVE-2023-27060
LightCMS v1.3.7 was discovered to contain a remote code execution RCE vulnerability via the image:make function...
Pimcore Remote Code Execution vulnerability in Search function
Impact Attacker can get full DB and maybe RCE knowing the WEBROOT path Patches Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch Workarounds Apply patch...
CVE-2023-27060
LightCMS v1.3.7 contains a remote code execution (RCE) vulnerability exploitable via the image:make function. Affected software: LightCMS 1.3.7. Root cause: ability to trigger arbitrary code execution through image:make. Impact: high/critical risk (per CVSS 3.1 metrics in the CVE entry). Remediat...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GitPython vulnerability (USN-5968-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5968-1 advisory. It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a...
CVE-2023-0340
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...
Design/Logic Flaw
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...
CVE-2023-0340 Custom Content Shortcode <= 4.0.2 - Contributor+ LFI
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...
CVE-2023-0340
The CVE-2023-0340 issue affects the Custom Content Shortcode WordPress plugin (
CVE-2023-0340 Custom Content Shortcode <= 4.0.2 - Contributor+ LFI
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...
Metasploit Weekly Wrap-Up
FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...
CVE-2023-27037
Qibosoft QiboCMS v7 was discovered to contain a remote code execution RCE vulnerability via the GetTitle function at labelsetrs.php...
CVE-2023-27037
Qibosoft QiboCMS v7 is affected by a remote code execution (RCE) vulnerability in the Get_Title function of label_set_rs.php. The CVE entry CVE-2023-27037 documents impact on QiboCMS v7 and indicates high-severity risk (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C/H/I/H). Several connected sources corrobo...
CVE-2023-27037
Qibosoft QiboCMS v7 was discovered to contain a remote code execution RCE vulnerability via the GetTitle function at labelsetrs.php...
CVE-2023-27040
Simple Image Gallery v1.0 was discovered to contain a remote code execution RCE vulnerability via the username parameter...
Bitbucket Environment Variable Remote Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Environment Variable RCE', 'Description' = %q For various versions of Bitbucket, there is an authenticated command injection...
CVE-2023-27040
CVE-2023-27040 affects Simple Image Gallery v1.0, with a remote code execution (RCE) vulnerability exploitable via the username parameter. Connected sources confirm the issue leads to high-impact outcomes (CONFIDENTIALITY, INTEGRITY, AVAILABILITY all at HIGH) and indicate network-level access wit...