Prion
added 2022/12/12 6:15 p.m., 21 views

Design/Logic Flaw

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE...

7.5 CVSS, 9.5 AI score, 0.21205 EPSS
Exploits 2, References 1, Affected Software 1
CVE
added 2022/12/12 5:57 p.m., 57 views

CVE-2022-3921

CVE-2022-3921 affects the Listingo WordPress theme prior to version 3.2.7. The vulnerability arises because an AJAX upload action is accessible to unauthenticated users and does not validate uploaded files, permitting arbitrary file uploads and potentially remote code execution (RCE). Public writ...

9.8 CVSS, 9.7 AI score, 0.21205 EPSS
Exploits 2, References 1, Affected Software 1
Cvelist
added 2022/12/12 5:57 p.m., 16 views

CVE-2022-3921 Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE...

9.8 AI score, 0.21205 EPSS
Exploits 2, References 1
Cvelist
added 2022/12/12 5:54 p.m., 22 views

CVE-2022-3982 Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE...

9.9 AI score, 0.04493 EPSS
Exploits 2, References 1
CVE
added 2022/12/12 5:54 p.m., 96 views

CVE-2022-3982

Summary (concrete details available) : CVE-2022-3982 affects the WordPress plugin “Booking Calendar” prior to version 3.2.2. The vulnerability is an arbitrary file upload flaw due to lack of validation, allowing unauthenticated users to upload files (e.g., PHP) and potentially achieve remote code...

9.8 CVSS, 9.7 AI score, 0.04493 EPSS
In wild, Exploits 2, References 1, Affected Software 1
CVE
added 2022/12/12 1:49 a.m., 120 views

CVE-2022-25912

CVE-2022-25912 affects the Node.js simple-git module prior to 3.16.0, with remote code execution via the ext transport protocol during clone() (incomplete fix of CVE-2022-24066). Several connected sources corroborate RCE via clone()/pull()/push()/listRemote() paths when input is crafted, with exp...

9.8 CVSS, 9.1 AI score, 0.02784 EPSS
Exploits 1, References 5, Affected Software 1
CVE
added 2022/12/12 1:49 a.m., 358 views

CVE-2022-24439

GitPython (Python library for interacting with Git) is affected by an RCE vulnerability in clone/clone_from prior to version 3.1.32 due to improper sanitization of user input in non-multi options. The issue allows injecting a malicious remote URL into the clone command because external git calls ...

9.8 CVSS, 9 AI score, 0.05378 EPSS
Exploits 1, References 9, Affected Software 1
Packet Storm
added 2022/12/12 12:00 a.m., 200 views

Judging Management System 1.0 Shell Upload

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...

7.4 AI score
Exploits 0
Veracode
added 2022/12/11 3:40 a.m., 39 views

Remote Code Execution (RCE)

GitPython is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the clone_from function in base.py makes external calls to git without sufficient sanitization of input arguments, allowing an attacker to inject and execute a maliciously crafted remote URL into the clone comma...

9.8 CVSS, 9.5 AI score, 0.05378 EPSS
Exploits 1, References 14, Affected Software 1
0day.today
added 2022/12/10 12:00 a.m., 475 views

Intel Data Center Manager 5.1 Local Privilege Escalation Vulnerability

The latest version 5.1 and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user i.e....

10 CVSS, 9.4 AI score, 0.99999 EPSS
Exploits 347
0day.today
added 2022/12/10 12:00 a.m., 282 views

Intel Data Center Manager 4.1 SQL Injection Vulnerability

Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected. 1...

8 CVSS, 0.6 AI score, 0.01457 EPSS
Exploits 4
The Hacker News
added 2022/12/09 5:16 p.m., 60 views

New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patche...

9.8 CVSS, 1 AI score, 0.36152 EPSS
Exploits 1
Packet Storm
added 2022/12/09 12:00 a.m., 258 views

Intel Data Center Manager 4.1 SQL Injection

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: SQL Injection CWE-89 Date found: 2022-01-21 Date...

8 CVSS, 0.5 AI score, 0.01457 EPSS
Exploits 4
Packet Storm
added 2022/12/09 12:00 a.m., 345 views

Intel Data Center Manager 5.1 Local Privilege Escalation

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: Incorrect Use of Privileged APIs CWE-648 Date...

10 CVSS, 0.7 AI score, 0.99999 EPSS
Exploits 347
Tenable Nessus
added 2022/12/09 12:00 a.m., 17 views

Amazon Linux 2022 : sysstat (ALAS2022-2022-255)

The version of sysstat installed on the remote host is prior to 12.5.6-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-255 advisory. - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer b...

7.8 CVSS, 7.4 AI score, 0.01096 EPSS
Exploits 1, References 3
NVD
added 2022/12/07 7:15 p.m., 12 views

CVE-2022-45550

AyaCMS 3.1.2 is vulnerable to Remote Code Execution RCE...

9.8 CVSS, 0.01473 EPSS
Exploits 1, References 2
GithubExploit
added 2022/12/07 10:50 a.m., 359 views

Exploit for Incorrect Authorization in Hashicorp Consul

CVE-2021-41805 Hashicorp Consul RCE via API Has...

8.8 CVSS, 8.2 AI score, 0.3479 EPSS
Exploits 3
CVE
added 2022/12/07 12:00 a.m., 58 views

CVE-2022-45550

CVE-2022-45550 affects AyaCMS 3.1.2 and is described as a Remote Code Execution (RCE) vulnerability. The NVD/CVSS data show a high-severity impact (CVSS v3.1: 9.8, Network attack vector, no user interaction required, high confidentiality/integrity/availability impact). The provided documents do n...

9.8 CVSS, 9.6 AI score, 0.01473 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2022/12/07 12:00 a.m., 51 views

CVE-2022-44371

CVE-2022-44371 affects hope-boot 1.0.0 and is described as a deserialization vulnerability that can lead to Remote Code Execution (RCE). The issue arises from unsafe deserialization in the component, with CVSS v3.1 base metrics: Network, Low attack complexity, No privileges required, User interac...

9.8 CVSS, 9.7 AI score, 0.01332 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2022/12/06 10:00 p.m., 16 views

CVE-2022-42699 WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Remote Code Execution (RCE)

Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress...

9.1 CVSS, 9.8 AI score, 0.01319 EPSS
Exploits 0, References 1