11235 matches found
FreeBSD : git -- Heap overflow in `git archive`, `git log --format` leading to RCE (2fcca7e4-b1d7-11ed-b0f4-002590f2a714)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2fcca7e4-b1d7-11ed-b0f4-002590f2a714 advisory. - Git is distributed revision control system. git log can display commits in an arbitrary format using...
Moodle 3.10.x < 3.10.5 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.8, 3.10.x prior to 3.10.5 or 3.11.x prior to 3.11.1. It is, therefore, affected by multiple vulnerabilities: - An SQL injection in the library fetching a user's enrolled courses. CVE-2021-36392 - An SQL injection in the...
Moodle 3.9.x < 3.9.8 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.8, 3.10.x prior to 3.10.5 or 3.11.x prior to 3.11.1. It is, therefore, affected by multiple vulnerabilities: - An SQL injection in the library fetching a user's enrolled courses. CVE-2021-36392 - An SQL injection in the...
Moodle 3.11.x < 3.11.1 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.8, 3.10.x prior to 3.10.5 or 3.11.x prior to 3.11.1. It is, therefore, affected by multiple vulnerabilities: - An SQL injection in the library fetching a user's enrolled courses. CVE-2021-36392 - An SQL injection in the...
WordPress VideoWhisper Live Streaming Integration Plugin <= 5.5.15 is vulnerable to Remote Code Execution (RCE)
Software VideoWhisper Live Streaming Integration Type Plugin Vulnerable versions = 5.5.15 Fixed in 5.5.16 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-25699 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 19a4e9954324 Credits minhtuanact...
Moodle 3.11.x < 3.11.10 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.17, 3.11.x prior to 3.11.10 or 4.0.x prior to 4.0.4. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS and page Denial of Service DoS vulnerabilities due to recursive rendering in...
Moodle 3.9.x < 3.9.17 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.17, 3.11.x prior to 3.11.10 or 4.0.x prior to 4.0.4. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS and page Denial of Service DoS vulnerabilities due to recursive rendering in...
Python < 3.7.17, 3.8.x < 3.8.17, 3.9.x < 3.9.17, 3.10.x < 3.10.12, 3.11.x < 3.11.4 RCE Vulnerability - Mac OS X
Python is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
Python < 3.7.17, 3.8.x < 3.8.17, 3.9.x < 3.9.17, 3.10.x < 3.10.12, 3.11.x < 3.11.4 RCE Vulnerability - Windows
Python is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
FreeBSD : Rundeck3 -- Log4J RCE vulnerability (27c822a0-addc-11ed-a9ee-dca632b19f10)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 27c822a0-addc-11ed-a9ee-dca632b19f10 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are...
CVE-2023-22239 Adobe After Effects Improper Input Validation Remote Code Execution Vulnerability
After Affects versions 23.1 and earlier, 22.6.3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2022-45701
CVE-2022-45701 affects Arris TG2482A firmware up to 9.1.103GEM9. The Red Hat/NVD/CVE records describe an authenticated Remote Code Execution (RCE) vulnerability exposed via the device’s ping utility feature, affecting TG2482A (and related models tested on TG2492, SBG10). Exploitation requires val...
CVE-2023-24078
CVE-2023-24078 affects Real Time Logic FuguHub v8.1 and earlier, with a remote code execution (RCE) vulnerability exploitable via the /FuguHub/cmsdocs/ component. The NVD entry lists a high-severity CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Public material in connected do...
Microsoft Team Foundation Server and Azure DevOps Server 2020 RCE
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by a remote code execution vulnerability. Note all systems require a manual process of applying new resource group tasks. Nessus is unable to detect the state of the tasks at this...
Arris router vulnerability could lead to complete takeover
Security researcher Yerodin Richards has found an authenticated remote code execution RCE vulnerability in Arris routers. This is the type of router that ISPs typically provide in loan for customers telephony and internet access. After responsible disclosure Richards has published a...
CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. Recent assessments: noraj at March 24, 2023 9:21am UTC reported: There are at least two ways to achieve RCE. Vector n°1 It leaks the MySQL credentials, in default a...
Atrocore 1.5.25 Shell Upload
Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create...
Atrocore 1.5.25 Shell Upload Exploit
Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create...
GitLab GitHub Repo Import Deserialization RCE
An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested defaultbranch. GitLab will cache this object and then deserialize it when...
Exploit for Code Injection in Pyload
pyloadCVE-2023-0297poc A code injection vulnerability...