11234 matches found
Exploit for OS Command Injection in Netgate Pfblockerng
CVE-2022-31814 WebApp bug import argparse import requ...
Exploit for CVE-2021-3129
Laravel Debug Mode RCE Vulnerability CVE-2021-3129 POC / EXP...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE)...
CVE-2023-26779
CVE-2023-26779 affects CleverStupidDog yf-exam v1.8.0. The vulnerability is described as a Deserialization flaw that can lead to Remote Code Execution (RCE). CVSS 3.1 base score 9.8 (CRITICAL) with NETWORK attack vector, low attack complexity, no privileges or user interaction required, and impac...
IBM WebSphere Application Server 7.x <= 7.0.0.45 / 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.22 / 9.x < 9.0.5.12 RCE
The IBM WebSphere Application Server installed on the remote host is affected by a remote code execution vulnerability due to the Dojo package, which is vulnerable to Prototype Pollution via the setObject function. Note that Nessus has not tested for this issue but has instead relie...
CentOS: Security Advisory for emacs-git (CESA-2023:0978)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 9
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
This module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. Module Options msf use...
Exploit for Deserialization of Untrusted Data in Alibaba Fastjson
CVE-2022-25845-exploit Try exploiting this CVE by studying so...
emacs, git, gitk, gitweb, perl security update
CentOS Errata and Security Advisory CESA-2023:0978 An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Exploit for OS Command Injection in Netgate Pfblockerng
CVE-2022-31814 text Reworked and optimized exploit scrip...
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Oracle E-Business Suite EBS Unauthenticated Arbitrary File Upload', 'Description' = %q This module exploits an unauthenticated...
D-Link Routers Unauthenticated RCE (CVE-2022-26258)
The remote D-Link router is affected by a remote code execution vulnerability. D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp. Note that Nessus has not tested for this issue but has instead relied only on th...
D-Link DIR-867 Rev. A <= v1.30B07 RCE Vulnerability
D-Link DIR-867 Rev. A devices are prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
D-Link Routers RCE (CVE-2019-16057)
D-Link DNS-320 through 2.05.B10 is affected by command injection in the loginmgr.cgi component, which can lead to remote arbitrary code execution. The port parameter in the script could be poisoned to execute arbitrary commands, opening the door to an RCE attack. If the vulnerability is exploited...
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Local file inclusion leading to RCE
Description: The API handling endpoint allows for a local file inclusion that can lead to remote code execution. It requires a valid API token, which can be obtained via a database backup with account access, a number of different SQL injections with account access, or stolen from a user. Proof of...
Exploit for Code Injection in Apache Commons_Text
Text4Shell CVE-2022-42889 Docker Lab for CVE-2022-42889...
CVE-2023-25266
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting to point to an arbitrary remote network path. This triggers the execution of the soffice binary under the attacker's control, leading to arbitrary remote code...