
11235 matches found

Tenable Nessus
added 2023/02/21 12:0 a.m. | 30 views

FreeBSD : git -- Heap overflow in `git archive`, `git log --format` leading to RCE (2fcca7e4-b1d7-11ed-b0f4-002590f2a714)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2fcca7e4-b1d7-11ed-b0f4-002590f2a714 advisory. - Git is distributed revision control system. git log can display commits in an arbitrary format using...

CVSS 9.8 | AI score 8.9 | EPSS 0.44268
Exploits 0 | References 3

Tenable Nessus
added 2023/02/20 12:0 a.m. | 51 views

Moodle 3.10.x < 3.10.5 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.8, 3.10.x prior to 3.10.5 or 3.11.x prior to 3.11.1. It is, therefore, affected by multiple vulnerabilities: - An SQL injection in the library fetching a user's enrolled courses (CVE-2021-36392). - An SQL injection in the...

CVSS 9.8 | AI score 7.7 | EPSS 0.52299
Exploits 8 | References 24

Tenable Nessus
added 2023/02/20 12:0 a.m. | 31 views

Moodle 3.9.x < 3.9.8 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.8, 3.10.x prior to 3.10.5 or 3.11.x prior to 3.11.1. It is, therefore, affected by multiple vulnerabilities: - An SQL injection in the library fetching a user's enrolled courses (CVE-2021-36392). - An SQL injection in the...

CVSS 9.8 | AI score 7.7 | EPSS 0.52299
Exploits 8 | References 24

Tenable Nessus
added 2023/02/20 12:0 a.m. | 127 views

Moodle 3.11.x < 3.11.1 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.8, 3.10.x prior to 3.10.5 or 3.11.x prior to 3.11.1. It is, therefore, affected by multiple vulnerabilities: - An SQL injection in the library fetching a user's enrolled courses (CVE-2021-36392). - An SQL injection in the...

CVSS 9.8 | AI score 7.7 | EPSS 0.52299
Exploits 8 | References 24

Patchstack
added 2023/02/20 12:0 a.m. | 14 views

WordPress VideoWhisper Live Streaming Integration Plugin <= 5.5.15 is vulnerable to Remote Code Execution (RCE)

Software: VideoWhisper Live Streaming Integration; Type: Plugin; Vulnerable versions: <= 5.5.15; Fixed in: 5.5.16; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-25699; Patch priority: High; CVSS severity: High 9; PSID: 19a4e9954324; Credits: minhtuanact...

CVSS 9.8 | AI score 7.6 | EPSS 0.01289
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2023/02/20 12:0 a.m. | 33 views

Moodle 3.11.x < 3.11.10 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.17, 3.11.x prior to 3.11.10 or 4.0.x prior to 4.0.4. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting (XSS) and page Denial of Service (DoS) vulnerabilities due to recursive rendering in...

CVSS 9.8 | AI score 7.3 | EPSS 0.01527
Exploits 0 | References 10

Tenable Nessus
added 2023/02/20 12:0 a.m. | 50 views

Moodle 3.9.x < 3.9.17 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.17, 3.11.x prior to 3.11.10 or 4.0.x prior to 4.0.4. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting (XSS) and page Denial of Service (DoS) vulnerabilities due to recursive rendering in...

CVSS 9.8 | AI score 7.3 | EPSS 0.01527
Exploits 0 | References 10

OpenVAS
added 2023/02/20 12:0 a.m. | 19 views

Python < 3.7.17, 3.8.x < 3.8.17, 3.9.x < 3.9.17, 3.10.x < 3.10.12, 3.11.x < 3.11.4 RCE Vulnerability - Mac OS X

Python is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 7.5 | AI score 8.4 | EPSS 0.20459
Exploits 3 | References 5

OpenVAS
added 2023/02/20 12:0 a.m. | 20 views

Python < 3.7.17, 3.8.x < 3.8.17, 3.9.x < 3.9.17, 3.10.x < 3.10.12, 3.11.x < 3.11.4 RCE Vulnerability - Windows

Python is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 7.5 | AI score 8.4 | EPSS 0.20459
Exploits 3 | References 5

Tenable Nessus
added 2023/02/19 12:0 a.m. | 39 views

FreeBSD : Rundeck3 -- Log4J RCE vulnerability (27c822a0-addc-11ed-a9ee-dca632b19f10)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 27c822a0-addc-11ed-a9ee-dca632b19f10 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are...

CVSS 8.5 | AI score 8.8 | EPSS 0.97906
Exploits 9 | References 3

Cvelist
added 2023/02/17 12:0 a.m. | 25 views

CVE-2023-22239 Adobe After Effects Improper Input Validation Remote Code Execution Vulnerability

After Effects versions 23.1 and earlier, 22.6.3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 7.9 | EPSS 0.00315
Exploits 0 | References 1

CVE
added 2023/02/17 12:0 a.m. | 105 views

CVE-2022-45701

CVE-2022-45701 affects Arris TG2482A firmware up to 9.1.103GEM9. The Red Hat/NVD/CVE records describe an authenticated Remote Code Execution (RCE) vulnerability exposed via the device’s ping utility feature, affecting TG2482A (and related models tested on TG2492, SBG10). Exploitation requires val...

CVSS 8.8 | AI score 8.9 | EPSS 0.45313
Exploits 6 | References 2 | Affected Software 1

CVE
added 2023/02/17 12:0 a.m. | 122 views

CVE-2023-24078

CVE-2023-24078 affects Real Time Logic FuguHub v8.1 and earlier, with a remote code execution (RCE) vulnerability exploitable via the /FuguHub/cmsdocs/ component. The NVD entry lists a high-severity CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Public material in connected do...

CVSS 8.8 | AI score 9 | EPSS 0.53239
Exploits 9 | References 2 | Affected Software 1

Tenable Nessus
added 2023/02/17 12:0 a.m. | 94 views

Microsoft Team Foundation Server and Azure DevOps Server 2020 RCE

The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by a remote code execution vulnerability. Note all systems require a manual process of applying new resource group tasks. Nessus is unable to detect the state of the tasks at this...

CVSS 7.5 | AI score 8.6 | EPSS 0.01408
Exploits 0 | References 2

Malwarebytes
added 2023/02/16 10:0 a.m. | 80 views

Arris router vulnerability could lead to complete takeover

Security researcher Yerodin Richards has found an authenticated remote code execution (RCE) vulnerability in Arris routers. This is the type of router that ISPs typically provide on loan for customers' telephony and internet access. After responsible disclosure Richards has published a...

AI score 9.4 | EPSS 0.45313
Exploits 6

ATTACKERKB
added 2023/02/16 12:0 a.m. | 90 views

CVE-2023-23752

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. Recent assessments: noraj at March 24, 2023 9:21am UTC reported: There are at least two ways to achieve RCE. Vector n°1 It leaks the MySQL credentials, in default a...

CVSS 5.3 | AI score 5.7 | EPSS 0.99827
In wild | Exploits 43 | References 7

Packet Storm
added 2023/02/16 12:0 a.m. | 453 views

Atrocore 1.5.25 Shell Upload

Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create...

AI score 7.4
Exploits 0

0day.today
added 2023/02/16 12:0 a.m. | 284 views

Atrocore 1.5.25 Shell Upload Exploit

Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create...

AI score 0.3
Exploits 0

Metasploit
added 2023/02/15 7:51 p.m. | 692 views

GitLab GitHub Repo Import Deserialization RCE

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when...

CVSS 9.9 | AI score 9 | EPSS 0.86194
Exploits 5

GithubExploit
added 2023/02/15 6:28 a.m. | 1117 views

Exploit for Code Injection in Pyload

pyloadCVE-2023-0297poc A code injection vulnerability...

CVSS 9.8 | AI score 9.6 | EPSS 0.96988
Exploits 13