Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions
Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link for...
Remote Code Execution (RCE)
xorg-server is vulnerable to remote code execution. The vulnerability exists because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code...
Remote Code Execution (RCE)
xorg-server is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request...
CVE-2022-46175
CVE-2022-46175 (JSON5 Prototype Pollution) The JSON5 library up to v1.0.1 and v2.2.1 fails to restrict keys named __proto__ in JSON5.parse, enabling prototype pollution on the returned object. This can lead to arbitrary keys on the polluted object and, depending on usage, may cause denial of service,...
User Post Gallery <= 2.19 - Unauthenticated RCE
The plugin does not limit which callback functions users can invoke, making it possible for any visitor to run code on sites running it. Invoke the following curl command to execute the "id" command via PHP's exec function: curl -i...
OpenTSDB 2.4.0 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenTSDB 2.4.0 unauthenticated command injection', 'Description' => %q This module exploits an unauthenticated command injection vulnerability in...
Exploit for OS Command Injection in Gitlab
gitlabrcecve-2022-2884 This is a Python3 program that explo...
New Exploit Method that Bypasses ProxyNotShell Mitigations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new exploit method has been found that bypasses the URL rewrite mitigation for the Microsoft Exchange vulnerability ProxyNotShell and allows remote code execution (RCE) on compromised servers through Outlook W...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell OW...
GHSA-27H2-HVPR-P74Q jsonwebtoken has insecure input validation in jwt.verify function
Overview For versions <=8.5.1 of the jsonwebtoken library, if a malicious actor has the ability to modify the key retrieval parameter (the secretOrPublicKey argument of the jwt.verify function, as described in the readme), they can gain remote code execution (RCE). Am I affected? This security issue...
Apache Karaf vulnerable to potential code injection
This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. A...
Code injection
This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. An us...
CVE-2022-40145 Apache Karaf: JDBC JAAS LDAP injection
This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. An us...
CVE-2022-40145
Apache Karaf prior to 4.4.2 and 4.3.8 is affected by CVE-2022-40145 due to a lack of validation in JDBCUtils.doCreateDatasource when a JNDI LDAP data source URI is used. An attacker who controls the target LDAP server can trigger remote code execution by injecting a crafted JNDI name into Initial...
Fedora 35 : sysstat (2022-5adda2d05f)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-5adda2d05f advisory. Security fix for CVE-2022-39377 - arithmetic overflow in allocate_structures on 32-bit systems. Tenable has extracted the preceding description block directly...
CVE-2022-46421 Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 5.0.0...
CVE-2022-45942
CVE-2022-45942 is an RCE affecting baijiacms v4, specifically in includes/baijiacms/common.inc.php. The original record and the related records consistently describe a remote code execution vulnerability with a CVSS v3.1 base score of 8.8 (High): network attack vector, low attack complexity, and no user inte...
CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 Cacti Blind Remote Code Execution Pre-Auth...