11229 matches found
Exploit for CVE-2024-29671
NEXTU FLETA Wifi6 Router RCE Exploit POC This document...
CVE-2024-11320 Command Injection leading to RCE via LDAP Misconfiguration
Arbitrary command execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4...
CVE-2024-11320
CVE-2024-11320 affects Pandora FMS versions 700 through 777.4, where a misconfiguration in the LDAP authentication mechanism enables a command injection that can lead to remote code execution on the server. The Nuclei/NVD entries consistently describe arbitrary command execution via LDAP command ...
Ivanti EPM Agent Portal Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/msnrtp/client' class MetasploitModule 'Ivanti EPM Agent Portal Command Execution', 'Description' = %q This module leverages an unauthenticated RCE in...
CVE-2024-52739
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the mspinfohtm function via the flag and cmd parameters...
CVE-2024-52765
CVE-2024-52765 affects H3C GR-1800AX MiniGRW1B0V100R007. The vulnerability enables remote code execution via the aspForm parameter. CVSSv3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction required. Root cause details are not expanded beyond the RCE via aspForm, and ther...
Exploit for Unrestricted Upload of File with Dangerous Type in Avaya Aura_Device_Services
CVE-2023-3722 Python POC for CVE-2023-3722 Avaya Aura Device S...
CVE-2024-21697
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has...
CVE-2024-21697
CVE-2024-21697 : The vulnerability affects Atlassian SourceTree for Mac (version 4.2.8) and Windows (version 3.4.19). It is a remote code execution (RCE) vulnerability that allows an unauthenticated attacker to execute arbitrary code with high impact to confidentiality, integrity, and availabilit...
CVE-2024-48069
A vulnerability in Weaver E-cology allows attackers to use race conditions to bypass security mechanisms, upload malicious files and control server privileges...
CVE-2024-52427 WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability
Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner (event-tickets-with-ticket-scanner) allows Server Side Include (SSI) Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11...
CVE-2024-52434 WordPress Popup by Supsystic plugin <= 1.10.29 - Remote Code Execution (RCE) vulnerability
Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic (popup-by-supsystic) allows Command Injection. This issue affects Popup by Supsystic: from n/a through <= 1.10.29...
CVE-2024-41151 Apache HertzBeat: RCE by notice template injection vulnerability
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...
CVE-2024-45505 Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to versi...
CVE-2024-47208 Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue...
CVE-2024-48962 Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE)
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17,...