CVE-2024-47575
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4,...
CVE-2024-45518
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. Th...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002 Versions 1.0.0 https://github.com/grec...
RCE & Full Read SSRF & Arbitrary File Read in /web_crawl endpoint
Description: The web_crawl function in document_app.py contains an RCE vulnerability. This function receives the URL parameter, accesses and obtains the HTML content of the URL through Chromium headless, and converts the HTML content into a PDF file. Users can obtain the converted PDF file through th...
Exploit for Improper Restriction of XML External Entity Reference in Python
CVE-2022-48565 PoC Introduction This is a Proof of Concep...
Magento / Adobe Commerce Remote Code Execution Exploit
This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce and earlier versions if the PHP and glibc versions are also...
CVE-2024-45518
Vulnerability: CVE-2024-45518 affects Zimbra Collaboration (ZCS) versions including 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. The issue is Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisti...
Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy
CVE-2024-23113 The script is designed to detect CVE-2024-2311...
CVE-2024-49286 WordPress SSV Events plugin <= 3.2.7 - Local File Inclusion to RCE vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jeroen Berkvens SSV Events ssv-events allows PHP Local File Inclusion. This issue affects SSV Events: from n/a through <= 3.2.7...
CVE-2024-10131 Remote Code Execution in infiniflow/ragflow
The add_llm function in llm_app.py in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input req['llm_factory'] and req['llm_name'] to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to...
Metasploit Weekly Wrap-Up 10/18/2024
ESC15: EKUwu. AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique (hence the ESC in ESC15) was discovered by Justin Bollinger, with details being released just last week. This latest configuration flaw has common issuance...
Docker Desktop < 4.34.3 RCE
The version of Docker installed on the remote host is prior to 4.34.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9348 advisory. - Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. (CVE-2024-9348) Note that Nessus has not...
Docker for Windows < 4.34.3 RCE
The version of Docker Desktop installed on the remote host is prior to 4.34.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9348 advisory. - Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. (CVE-2024-9348) Note that Nessus has...
Magento / Adobe Commerce Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CosmicSting: Magento Arbitrary File Read CVE-2024-34102 + PHP Buffer Overflow in the iconv function of glibc CVE-2024-2961', 'Description' = %q...
SofaWiki 3.9.2 Shell Upload
Exploit Title: SofaWiki 3.9.2 - Remote Code Execution (RCE) via Open Ticket File Upload Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A remote co...
SolarWinds Web Help Desk < 12.8.3 HF 3 Java Deserialization RCE
The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.3 HF3. It is, therefore, affected by a Java deserialization remote-code execution vulnerability, that, if exploited, would allow an attacker to run commands on the host machine. Note that Nessus has not tested f...
Remote Desktop client for Windows RCE (October 2024)
The Windows Remote Desktop client for Windows installed on the remote host is missing security updates. It is, therefore, affected by a remote-code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...