11236 matches found
Design/Logic Flaw
The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE...
CVE-2022-3921
CVE-2022-3921 affects the Listingo WordPress theme prior to version 3.2.7. The vulnerability arises because an AJAX upload action is accessible to unauthenticated users and does not validate uploaded files, permitting arbitrary file uploads and potentially remote code execution (RCE). Public writ...
CVE-2022-3921 Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload
The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE...
CVE-2022-3982 Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE...
CVE-2022-3982
Summary (concrete details available) : CVE-2022-3982 affects the WordPress plugin “Booking Calendar” prior to version 3.2.2. The vulnerability is an arbitrary file upload flaw due to lack of validation, allowing unauthenticated users to upload files (e.g., PHP) and potentially achieve remote code...
CVE-2022-25912
CVE-2022-25912 affects the Node.js simple-git module prior to 3.16.0, with remote code execution via the ext transport protocol during clone() (incomplete fix of CVE-2022-24066). Several connected sources corroborate RCE via clone()/pull()/push()/listRemote() paths when input is crafted, with exp...
CVE-2022-24439
GitPython (Python library for interacting with Git) is affected by an RCE vulnerability in clone/clone_from prior to version 3.1.32 due to improper sanitization of user input in non-multi options. The issue allows injecting a malicious remote URL into the clone command because external git calls ...
Judging Management System 1.0 Shell Upload
Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...
Remote Code Execution (RCE)
GitPython is vulnerable to Remote Code Execution RCE. The vulnerability exists because the clonefrom function in base.py makes external calls to git without sufficient sanitization of input arguments, allowing an attacker to inject and execute a maliciously crafted remote URL into the clone comma...
Intel Data Center Manager 5.1 Local Privilege Escalation Vulnerability
The latest version 5.1 and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user i.e....
Intel Data Center Manager 4.1 SQL Injection Vulnerability
Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected. 1...
New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm
Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patche...
Intel Data Center Manager 4.1 SQL Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: SQL Injection CWE-89 Date found: 2022-01-21 Date...
Intel Data Center Manager 5.1 Local Privilege Escalation
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: Incorrect Use of Privileged APIs CWE-648 Date...
Amazon Linux 2022 : sysstat (ALAS2022-2022-255)
The version of sysstat installed on the remote host is prior to 12.5.6-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-255 advisory. - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer b...
CVE-2022-45550
AyaCMS 3.1.2 is vulnerable to Remote Code Execution RCE...
Exploit for Incorrect Authorization in Hashicorp Consul
CVE-2021-41805 Hashicorp Consul RCE via API Has...
CVE-2022-45550
CVE-2022-45550 affects AyaCMS 3.1.2 and is described as a Remote Code Execution (RCE) vulnerability. The NVD/CVSS data show a high-severity impact (CVSS v3.1: 9.8, Network attack vector, no user interaction required, high confidentiality/integrity/availability impact). The provided documents do n...
CVE-2022-44371
CVE-2022-44371 affects hope-boot 1.0.0 and is described as a deserialization vulnerability that can lead to Remote Code Execution (RCE). The issue arises from unsafe deserialization in the component, with CVSS v3.1 base metrics: Network, Low attack complexity, No privileges required, User interac...
CVE-2022-42699 WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Remote Code Execution (RCE)
Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin = 1.5.1 on WordPress...