Lucene search
K

11236 matches found

GithubExploit
GithubExploit
added 2022/12/06 4:59 p.m.122 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Byp...

9.8CVSS9.8AI score0.99956EPSS
Exploits63
NVD
NVD
added 2022/12/06 5:15 a.m.22 views

CVE-2022-24439

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS0.05378EPSS
Exploits1References9
Prion
Prion
added 2022/12/06 5:15 a.m.20 views

Design/Logic Flaw

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...

7.5CVSS9.6AI score0.04067EPSS
Exploits2References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/12/06 12:0 a.m.42 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

All versions of package gitpython is vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS3.8AI score0.05378EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/12/05 10:15 p.m.22 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS0.02386EPSS
Exploits1References3
OSV
OSV
added 2022/12/05 10:15 p.m.41 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS9.7AI score
Exploits0References2
Prion
Prion
added 2022/12/05 10:15 p.m.27 views

Sql injection

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

7.5CVSS9.6AI score0.02386EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2022/12/05 10:15 p.m.55 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS6.7AI score0.02386EPSS
Exploits1References2
NVD
NVD
added 2022/12/05 5:15 p.m.24 views

CVE-2022-1540

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...

7.2CVSS0.01042EPSS
Exploits2References1
Prion
Prion
added 2022/12/05 5:15 p.m.13 views

Design/Logic Flaw

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...

5.8CVSS7AI score0.01042EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/12/05 4:50 p.m.28 views

CVE-2022-1540 PostmagThemes Demo <= 1.0.7 - Admin+ Arbitrary File Upload

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...

7.3AI score0.01042EPSS
Exploits2References1
CVE
CVE
added 2022/12/05 4:50 p.m.64 views

CVE-2022-1540

The CVE-2022-1540 issue affects the WordPress plugin PostmagThemes Demo Import, version 1.0.7 and earlier. The root cause is that the plugin does not validate the uploaded import file, enabling high-privilege users (e.g., admins) to upload arbitrary files (such as PHP), which can lead to remote c...

7.2CVSS7AI score0.01042EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.22 views

Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload

The plugin does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE PoC 1. Install and activate woocommerce dependency, no setup required 2. Install and activate the...

9.8CVSS0.7AI score0.06152EPSS
Exploits3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/12/05 12:0 a.m.40 views

Deserialization of Untrusted Data

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS3.5AI score0.02386EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2022/12/05 12:0 a.m.54 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.9AI score0.02386EPSS
Exploits1References2
CVE
CVE
added 2022/12/05 12:0 a.m.282 views

CVE-2022-32224

CVE-2022-32224 : Rails/ActiveRecord YAML deserialization issue. YAML-serialized columns can be deserialized with YAML.unsafe_load, enabling an attacker who can manipulate data in the database (e.g., via SQL injection) to escalate to remote code execution (RCE). Affected Rails/ActiveRecord version...

9.8CVSS9.5AI score0.02386EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2022/12/05 12:0 a.m.44 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS6.4AI score0.02386EPSS
Exploits1
Veracode
Veracode
added 2022/12/04 3:10 a.m.25 views

Remote Code Execution (RCE)

nvidia-cuda-toolkit is vulnerable to remote code execution. The vulnerability exists due to an integer overflow which allows an attacker to inject and execute malicious input...

7.8CVSS8.1AI score0.02011EPSS
Exploits0References3Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2022/12/02 9:0 p.m.82 views

Metasploit Weekly Wrap-Up

ProxyNotShell This week's Metasploit release includes an exploit module for CVE-2022-41082, AKA ProxyNotShell by DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q, Orange Tsai, Piotr Bazydło, Rich Warren, Soroush Dalili, and our very own Spencer McIntyre. The vulnerability CVE-2022-41082, AKA ProxyNotShell is a...

0.6AI score0.99964EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2022/12/02 12:0 a.m.59 views

ManageEngine ServiceDesk Plus MSP < 13.0 Build 13000 RCE

A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus MSP prior to 13.0 Build 13000 due to a flaw in the Analytics Plus integration input field validation. Vulnerability requires an administrator role access. The option to integrate Zoho Analytics will no longer be availab...

7.2CVSS7.8AI score0.82529EPSS
Exploits0References3
Rows per page
Query Builder