11236 matches found
GHSA-X347-FC9W-W7C3 Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
EulerOS 2.0 SP9 : sysstat (EulerOS-SA-2023-1114)
According to the versions of the sysstat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1...
CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...
Synology addresses the RCE vulnerability that affects VPN Plus servers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Synology has addressed a flaw in VPN Plus Server that has the potential to take control affected systems. The vulnerability, identified as CVE-2022-43931, is an out-of-bounds write fault in Synolo...
CVE-2021-32828
The CVE-2021-32828 entry affects Nuxeo Platform 11.5.109, where the oauth2 REST API is vulnerable to Reflected XSS, which can be escalated to Remote Code Execution (RCE) via the automation API. The available connected documents confirm the affected software/component and the root cause/impact. Re...
Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds writ...
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
The plugin does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. PoC 1. Install and activate WooCommerce dependency, no setup required 2. Create a local file containing the payload on /tmp/payload.php 3...
The Bug Report December 2022 Edition
The Bug Report — December 2022 Edition By Trellix · January 4, 2023 This story was also written by John Borrero Rodriguez Everyone gets it Why am I here? Ho Ho Ho! Welcome back to the Bug Report, or a more fitting name for this time of year: The NAUGHTY List! Yes, we checked it twice. It is no...
The Bug Report December 2022 Edition
The Bug Report — December 2022 Edition By Trellix · January 4, 2023 This story was also written by John Borrero Rodriguez Everyone gets it Why am I here? Ho Ho Ho! Welcome back to the Bug Report, or a more fitting name for this time of year: The NAUGHTY List! Yes, we checked it twice. It is no...
PlaySMS < 1.4.3 RCE (CVE-2020-8644)
Binary data playsmscve-2020-8644.nbin...
Autodesk DWG TrueView 2023 < 2023.1.1 RCE
The remote host has an install of Autodesk DWG TrueView version 2023 prior to 2023.1.1. It is, therefore, affected by a remote code execution vulnerability due to DLL search order hijacking. Note that Nessus has not tested for this issue but has instead relied only on the application's...
Exploit for Cross-Site Request Forgery (CSRF) in Filebrowser
CVE-2021-46398 - Lalie ARNOUD, Gaspard ANDRIEU In this reposi...
Unrestricted Logging Filename Lead to RCE
Description This vulnerability occur because there is no filename restriction for saving logging file. In this case attacker can set the filename to existing php file and append php code on it by manipulating the logged input. Proof of Concept 1. Log in using operator account, in this case i try ...
Prototype Pollution in JSON5 via Parse Method
The parse method of the JSON5 library before and including version 2.2.1 does not restrict parsing of keys named proto, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the...
Textpattern 4.8.8 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Textpattern 4.8.8 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://textpattern.com/ Version : 4.8.8 Tested on: windows 11 xammp | Kali linux Category: WebApp Google Dork: intext:"Published with Textpattern...
CVE-2022-4047
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE...
Design/Logic Flaw
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE...
CVE-2022-4047
CVE-2022-4047 affects the Return Refund and Exchange For WooCommerce WordPress plugin prior to version 4.0.9. The root cause is failure to validate attachment files uploaded via an AJAX action accessible to unauthenticated users, allowing arbitrary files (e.g., PHP) to be uploaded and potentially...
CVE-2022-4047 Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE...