11236 matches found
CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...
Design/Logic Flaw
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...
CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...
CVE-2022-42136
CVE-2022-42136 affects MailEnable on Windows. Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had access, enabling an attacker to store arbitrary code on those files and execute Remote Code Execution (RCE). The ...
EXNESS: Blind SSRF on https://my.exnessaffiliates.com/ allows for internal network enumeration
A blind stored server-side request forgery vulnerability was discovered in an endpoint of a website. This allowed internal network details to be disclosed by making requests to internal IP addresses and ports. With escalation, further inspection of the internal network could have been possible. T...
Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability
Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel CWP that enables elevated privileges and unauthenticated remote code execution RCE on susceptible servers. Tracked as CVE-2022-44877 CVSS score: 9.8, the bug impacts all versions of...
SugarCRM 11.0.x < 11.0.5, 12.0.x < 12.0.2 RCE Vulnerability
SugarCRM is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sugarcrm:sugarcrm...
openSUSE 15 Security Update : rubygem-activerecord-5.2 (openSUSE-SU-2023:0009-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0009-1 advisory. - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which...
Microsoft Office Outlook 2019 RCE Vulnerabilities (Jan 2023) - Mac OS X
This host is missing an important security update for Microsoft Office Outlook 2019 on Mac OS X according to Microsoft security update January 2023 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
Microsoft Windows Multiple Vulnerabilities (KB5022282)
This host is missing an important security update according to Microsoft KB5022282 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
MatrixSSL 4.x < 4.6.0 RCE Vulnerability
MatrixSSL is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Patch Tuesday - January 2023
Microsoft is starting the new year with a bang! Today’s Patch Tuesday release addresses almost 100 CVEs. After a relatively mild holiday season, defenders and admins now have a wide range of exciting new vulnerabilities to consider. Two zero-day vulnerabilities emerged today, both affecting a wid...
CVE-2023-21535
Windows Secure Socket Tunneling Protocol SSTP Remote Code Execution Vulnerability...
Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 98 vulnerabilities. Of these vulnerabilities, 11 are classified as "Critical", 87 are classified as "Important", no vulnerability classified as "Moderate." According to Microsoft all "Critical" vulnerability are either less...
CVE-2023-21548 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
...
Online Food Ordering System 2.0 Shell Upload Vulnerability
Exploit Title: Online Food Ordering System v2 - Remote Code Execution RCE Unauthenticated Exploit Author: Hakan Sonay Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...
CVE-2023-21535 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
...
Huawei EulerOS: Security Advisory for sysstat (EulerOS-SA-2023-1138)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for sysstat (EulerOS-SA-2023-1114)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Command Injection in Zte Mf286R_Firmware
CVE-2022-39073 Firmware details: wainnerversion: BDPO...