Lucene search
K

11235 matches found

Tenable Nessus
Tenable Nessus
added 2023/01/23 12:0 a.m.26 views

RHEL 8 : CloudForms 5.0.3 (RHSA-2020:0588)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0588 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...

9CVSS7.4AI score0.04078EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/01/23 12:0 a.m.26 views

RHEL 7 : CloudForms 4.7.15 (RHSA-2020:0589)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0589 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...

9CVSS7.4AI score0.04078EPSS
Exploits0References15
Packet Storm
Packet Storm
added 2023/01/23 12:0 a.m.680 views

Food Ordering System 2 Shell Upload

Title: Food Ordering System v2 File upload Vulnerability + web-shell upload - RCE Author: nu11secur1ty Date: 01.23.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Reference:...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/01/22 12:0 a.m.582 views

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation Vulnerabilities

======================================================================= title: Multiple post-authentication vulnerabilities including RCE product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 16.2.2 - 22.3 fixed version: 22.4 CVE number: CVE-2022-45924,...

8.8CVSS8.3AI score0.16972EPSS
Exploits7
Hacker One
Hacker One
added 2023/01/21 6:3 p.m.430 views

Krisp: SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai

The tenweb-speed-optimizer WordPress plugin prior to version 2.12.22 was vulnerable to unauthenticated SQL injection in /wp-json/tenwebio/v2/compress-one, which could be exploited to gain remote code execution by chaining it with insecure deserialization...

9.1AI score
Exploits0
Veracode
Veracode
added 2023/01/20 3:49 a.m.43 views

Remote Code Execution

shopware is vulnerable to Remote Code Execution RCE. An attacker with access to a Twig environment is able to use templates to call any global PHP function with filters such as map, filter, and sort, which allows an attacker to upload and execute malicious code on the system...

9.9CVSS9AI score0.01333EPSS
Exploits0References4Affected Software2
Packet Storm
Packet Storm
added 2023/01/20 12:0 a.m.303 views

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple post-authentication vulnerabilities including RCE product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 16.2.2 - 22.3 fixed...

0.6AI score0.16972EPSS
Exploits7
Rapid7 Blog
Rapid7 Blog
added 2023/01/19 5:46 p.m.57 views

CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a pre-authentication remote code execution RCE vulnerability impacting at least 24 on-premi...

0.99753EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/01/19 2:20 p.m.60 views

New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks

A new critical remote code execution RCE flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "The vulnerability is achieved through CSRF cross-site request forgery on the ubiquitous SC...

8.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/01/19 12:0 a.m.27 views

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers RCE and DoS (cisco-sa-sb-rv-rcedos-7HjP74jD)

According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by a vulnerability in the web-based management interface. An authenticated, remote attacker can exploit this, via crafted HTTP input, to execute arbitrary code on an affected device or cause the...

7.2CVSS7.5AI score0.00675EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/01/18 6:15 p.m.276 views

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

9.8CVSS8.1AI score0.99753EPSS
In wildExploits15References17
RedHat Linux
RedHat Linux
added 2023/01/18 2:55 p.m.103 views

Critical: Red Hat Security Advisory: Satellite 6.12.1 Async Security Update

Updated Satellite 6.12 packages that fixes critical security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...

9.8CVSS7.1AI score0.99931EPSS
Exploits44References15
CVE
CVE
added 2023/01/18 12:0 a.m.1309 views

CVE-2022-47966

CVE-2022-47966 (ManageEngine products) is a pre-auth remote code execution vulnerability rooted in the Apache Santuario (XML Security for Java) 1.4.1 library. The XML signature processing in this version can bypass protections, enabling RCE when a SAML SSO flow is engaged by affected ManageEngine...

9.8CVSS9.8AI score0.99753EPSS
In wildExploits15References11Affected Software1
Packet Storm
Packet Storm
added 2023/01/18 12:0 a.m.392 views

Ivanti Cloud Services Appliance (CSA) Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Cloud Services Appliance CSA Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Ivanti...

9.8CVSS0.7AI score0.99105EPSS
Exploits9
Wiz blog
Wiz blog
added 2023/01/17 1:17 p.m.29 views

CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know

Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel CWP unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently...

9.8CVSS7AI score0.99995EPSS
Exploits12
Malwarebytes
Malwarebytes
added 2023/01/17 7:0 a.m.91 views

Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability

Users of multiple Zoho ManageEngine products are under urgent advice to install the patch issued October 27, 2022. The advice is urgent because on January 13, 2023 the Horizon3 Attack Team tweeted that Proof of Concept PoC code and a deep-dive blog will be released within a week. Mitigation A lon...

9.6AI score0.9994EPSS
Exploits20
OpenVAS
OpenVAS
added 2023/01/17 12:0 a.m.17 views

Western Digital My Cloud Multiple Products 5.x < 5.26.119 Multiple Vulnerabilities (WDC-23002)

Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...

9.8CVSS9.8AI score0.36405EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2023/01/17 12:0 a.m.32 views

git -- Heap overflow in `git archive`, `git log --format` leading to RCE

The git team reports: git log has the ability to display commits using an arbitrary format with its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators e.g., %, %, or % , an integer overflow can occur in...

9.8CVSS7.6AI score0.44268EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/16 3:38 p.m.30 views

CVE-2022-4060 User Post Gallery <= 2.19 - Unauthenticated RCE

The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it...

9.8AI score0.42723EPSS
Exploits2References1
NVD
NVD
added 2023/01/13 9:15 p.m.29 views

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

8.8CVSS8.8AI score0.00874EPSS
Exploits0References2
Rows per page
Query Builder