11234 matches found
Adobe Photoshop Multiple RCE Vulnerabilities (APSB23-11) - Windows
Adobe Photoshop is prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Adobe Photoshop RCE Vulnerability (APSB23-23)- Mac OS X
Adobe Photoshop is prone to a high-risk vulnerability that can lead to remote code execution RCE. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Adobe Photoshop Multiple RCE Vulnerabilities (APSB23-11) - Mac OS X
Adobe Photoshop is prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Patch Tuesday - March 2023
Microsoft is offering fixes for 101 security issues for March 2023 Patch Tuesday, including two zero-day vulnerabilities; the most interesting of the two zero-day vulnerabilities is a flaw in Outlook which allows an attacker to authenticate against arbitrary remote resources as another user...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Proof of Concept for Log4j CVE-2021-44228 Disclaimer Th...
CVE-2023-24867
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability...
CVE-2023-23403
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability...
CVE-2023-24907
CVE-2023-24907 describes a remote code execution vulnerability in the Microsoft PostScript and PCL6 Class Printer Driver . The CVE entry (as per NVD) has a CVSS 3.1 base score of 8.8 (High) with vectors: AV:N, AC:L, PR:L, UI:N, S:U, C:H, I:H, A:H, indicating network attack with no user interactio...
CVE-2023-24867
The CVE, CVE-2023-24867, is described in connected sources as a remote code execution vulnerability in Microsoft’s PostScript and PCL6 Class Printer Driver. CNVD-2023-28103 explicitly notes a remote code execution flaw in the Microsoft PostScript Printer Driver; NVD/NIST entries corroborate the v...
CVE-2023-23413
Technical details about CVE-2023-23413 (affected product, root cause, versions, exploitability) are not provided in the connected documents. Public details are limited to the initial description; monitor for updates.
CVE-2023-23407
CVE-2023-23407 : Windows PPPoE remote code execution affecting the PPPoE stack. According to the CVE record, the vulnerability enables total impact on confidentiality, integrity, and availability (CVSS 3.1: 7.1, HIGH). Exploitation is classified as adjacent network access with high complexity and...
CVE-2023-23403 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963: Spring4Shell RCE Exploit This is a python im...
NETGEAR WNR2000 RCE (PSV-2016-0261)
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. This vulnerability can only be exploited when an...
Exploit for CVE-2021-3129
CVE-2021-3129 Laravel RCE CVE-2021-3129 Vulnerability O...
Metasploit Weekly Wrap-Up
Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location and the file is readable by default by BUILTIN\Users o...
SugarCRM 12.x Remote Code Execution / Shell Upload Exploit
This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. This module requires Metasploit:...
Apache Spark <= 3.0.3 / 3.1.1 < 3.1.3 / 3.2.x < 3.2.1 RCE (CVE-2022-33891)
Binary data apachesparkcve-2022-33891.nbin...
Apache Spark < 2.4.6 RCE (CVE-2020-9480)
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...
File Upload Bypass Leads to Remote Code Execution (RCE)
Description There is no extension checks during file upload. Attacker may upload file to execute malicious code in the server. Proof of Concept Step 1: Create a file with the content below and save it as evil.php " Step 2: Login to the Cockpit web server Step 3: Go to assets Step 4: Upload Assets...