CVE-2024-49379 Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in Umbrel
Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed...
CVE-2024-52291
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file...
CVE-2024-52291 Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file...
GHSA-JRH5-VHR9-QH7Q Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
Summary: A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads,...
Exploit for CVE-2024-21534
CVE-2024-21534: Remote Code Execution Vulnerability in jsonpa...
Microsoft and Adobe Patch Tuesday, November 2024 Security Update Review
Microsoft has released its November 2024 Patch Tuesday updates, targeting various vulnerabilities that could impact users and organizations worldwide. From zero-day threats to key product patches, here’s what’s crucial to apply this month. Here’s a breakdown of the updates and how they impact you...
CVE-2024-49016
SQL Server Native Client Remote Code Execution Vulnerability...
CVE-2024-49027
CVE-2024-49027 is an Excel vulnerability (Office Excel) leading to a high-impact local code execution scenario. The CVSS v3.1 vector shows an L2 access vector, low complexity, no privileges required, but user interaction is required; impact to confidentiality, integrity, and availability is repor...
CVE-2024-49027 Microsoft Excel Remote Code Execution Vulnerability
...
CVE-2024-49018 SQL Server Native Client Remote Code Execution Vulnerability
...
CVE-2024-49007
CVE-2024-49007 is a SQL Server Native Client remote code execution vulnerability. The CVE is tied to SQL Server Native Client components used by Microsoft SQL Server. Connected documents indicate this issue is addressed in Microsoft security updates (KB5046857 and KB5046858) for SQL Server 2017 G...
CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...
Apache Tomcat - Remote Code Execution via JMX Ports
Apache Tomcat versions before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 are vulnerable to remote code execution if JmxRemoteLifecycleListener is used and the JMX ports are exposed to attackers. The vulnerability exists due to inconsistent credentia...
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. "Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the...
Exploit for SQL Injection in Fabianros Job_Portal
CVE-2024-7808 THIS EXPLOIT...
Update your Android: Google patches two zero-day vulnerabilities
Google has announced patches for several high severity vulnerabilities. In total, 51 vulnerabilities have been patched in November's updates, two of which are under limited, active exploitation by cybercriminals. If your Android phone shows patch level 2024-11-05 or later then the issues discusse...
Exploit for OS Command Injection in Php
CVE-2024-4577 RCE Exploit While implementing PHP, the team d...
CVE-2024-47461 Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10
An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to...
CVE-2024-51735 Stored Cross-site Scripting to RCE on Osmedeus Web Server
Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...