11234 matches found
CVE-2023-0090 Proofpoint Enterprise Protection webservices unauthenticated RCE
The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...
CVE-2023-0089 Proofpoint Enterprise Protection webutils authenticated RCE
The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...
Critical: Red Hat Security Advisory: Satellite 6.11.5 Async Security Update
Updated Satellite 6.11 packages that fix critical security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...
Multiple Vulnerabilities Found in Cisco IP Phones Web-Based Management Interface
Cisco has disclosed two high-severity vulnerabilities affecting its IP phones, with one causing remote code execution (RCE) and the other enabling...
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions Exploit
CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that, when chained together, give root.
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
Product: sipXcom sipXopenfire Vendor: CoreDial Name: "sipXcom sipXopenfire XMPP message system command argument injection and insecure service file permissions RCE" Version:...
EulerOS 2.0 SP11 : sysstat (EulerOS-SA-2023-1418)
According to the versions of the sysstat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1...
Huawei EulerOS: Security Advisory for sysstat (EulerOS-SA-2023-1418)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP11 : sysstat (EulerOS-SA-2023-1433)
According to the versions of the sysstat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1...
Remote code execution in Funadmin
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php...
CVE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin...
CVE-2023-24776
Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php...
Exploit for Improper Input Validation in Moodle
CVE-2022-35649 Payload Generator using Python 2 and Det...
CVE-2023-24736
PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php...
CVE-2023-24736
PMB v7.4.6 contains a remote code execution (RCE) vulnerability in the component /sauvegarde/restaure_act.php. The issue is exposed over a network vector with no user interaction required and privileges. Documented impact indicates high/critical potential (C:H/I:H/A:H), but exploitation status is...
Android Security Bulletin—March 2023
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
CVE-2023-24776
Funadmin v3.2.0 is affected by a remote code execution (RCE) vulnerability in the controllerAddon.php component (via \controller\Addon.php). NVD lists CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction required, and impact to confidentiality, integr...
Atlassian Confluence 7.12.x < 7.12.5 RCE Via OGNL Injection
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.23, 6.14.x prior to 7.4.11, 7.5.x prior to 7.11.6 or 7.12.x prior to 7.12.5. It is, therefore, affected by an OGNL injection vulnerability that would allow an attacker...