Lucene search

11230 matches found

Vulnrichment
added 2024/10/05 10:53 a.m. | 11 views

CVE-2024-44014 WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection. This issue affects Vmax Project Manager: from n/a through 1.0...

CVSS 9.6 | AI score 7.3 | EPSS 0.00592
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/04 12:00 a.m. | 8 views

CVE-2024-46486

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function...

AI score 8.3 | EPSS 0.01667
Exploits: 1 | References: 2
Github Security Blog
added 2024/10/03 7:50 p.m. | 12 views

@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings

Summary: The endpoint /site-structure/localizer/save-string/:lang/:defstring accepts two parameter values: lang and defstring. These values are used in an unsafe way to set the keys and value of the cfgStrings object. It allows to add/modify properties of the Object prototype that result in severa...

AI score 8.7
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2024/10/02 7:29 p.m. | 6 views

GHSA-VFJ8-5PJ7-2F9G OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

Summary: The login functionality contains a reflected cross-site scripting (XSS) vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition. Impact: This issue may lead up to Remote Code Execution (RCE)...

CVSS 6.1 | AI score 6.3 | EPSS 0.01528
Exploits: 0 | References: 7
FreeBSD
added 2024/10/02 12:00 a.m. | 20 views

redis,valkey -- Multiple vulnerabilities

Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...

CVSS 8.8 | AI score 7.2 | EPSS 0.64123
Exploits: 1 | References: 1
NVD
added 2024/10/01 9:15 p.m. | 9 views

CVE-2024-46084

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function...

CVSS 8 | EPSS 0.0179
Exploits: 1 | References: 2
CVE
added 2024/10/01 12:00 a.m. | 44 views

CVE-2024-46084

CVE-2024-46084 affects Scriptcase 9.10.023 and earlier, describing a Remote Code Execution via the nm_unzip function. Documents list the affected version and the vulnerability type, with CVSS v3.1 base score 8.0 (HIGH). A temporary workaround mentioned in PT-2024-31904 is to disable the nm_unzip ...

CVSS 8 | AI score 7.3 | EPSS 0.0179
Exploits: 1 | References: 2 | Affected Software: 1
GithubExploit
added 2024/09/30 5:33 p.m. | 877 views

Exploit for Deserialization of Untrusted Data in Givewp

This post is a research article published by EQSTLab https://g...

CVSS 10 | AI score 10 | EPSS 0.94173
Exploits: 11
OSV
added 2024/09/30 5:15 p.m. | 8 views

CVE-2024-46540

A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system privileges...

CVSS 6.3 | AI score 7.8
Exploits: 0 | References: 3
Patchstack
added 2024/09/30 12:00 a.m. | 8 views

WordPress Iconize Plugin <= 1.2.4 is vulnerable to Remote Code Execution (RCE)

Software: Iconize; Type: Plugin; Vulnerable versions: = 1.2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-47649; Patch priority: Low; CVSS severity: Low 9.1; Developer: Claim ownership; PSID: 2e52b5fca1ea; Credits: SOPROBRO; Required privilege: Administrator...

CVSS 9.1 | AI score 7.2 | EPSS 0.00833
Exploits: 0 | References: 1 | Affected Software: 1
GithubExploit
added 2024/09/29 5:09 a.m. | 603 views

Exploit for CVE-2021-3129

CVE-2021-3129 Laravel Ignition RCE Exploit This is a Python e...

CVSS 9.8 | AI score 8.6 | EPSS 0.94287
Exploits: 36
Rapid7 Blog
added 2024/09/27 7:21 p.m. | 61 views

Metasploit Weekly Wrap-Up 09/27/2024

Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account take over, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible! New Module Content 5 Cisco Smart Software Manag...

CVSS 10 | AI score 9.8 | EPSS 0.94468
Exploits: 39
NVD
added 2024/09/27 6:15 p.m. | 22 views

CVE-2024-46256

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate...

CVSS 9.8 | EPSS 0.60145
Exploits: 2 | References: 4
OSV
added 2024/09/27 6:15 p.m. | 21 views

CVE-2024-46256

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate...

CVSS 9.8 | AI score 6.8 | EPSS 0.60145
Exploits: 2 | References: 4
Mageia
added 2024/09/27 5:21 p.m. | 26 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities

Potential UTF8 size overflow. CVE-2024-21131 Excessive symbol length can lead to infinite loop. CVE-2024-21138 Range Check Elimination RCE pre-loop limit overflow. CVE-2024-21140 Pack200 increase loading time due to improper header validation. CVE-2024-21144 Out-of-bounds access in 2D image...

CVSS 7.4 | AI score 7.2 | EPSS 0.00977
Exploits: 0 | References: 5
OSV
added 2024/09/27 5:21 p.m. | 10 views

MGASA-2024-0319 Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities

Potential UTF8 size overflow. CVE-2024-21131 Excessive symbol length can lead to infinite loop. CVE-2024-21138 Range Check Elimination RCE pre-loop limit overflow. CVE-2024-21140 Pack200 increase loading time due to improper header validation. CVE-2024-21144 Out-of-bounds access in 2D image...

CVSS 7.4 | AI score 5.4 | EPSS 0.00977
Exploits: 0 | References: 6
Cvelist
added 2024/09/27 12:00 a.m. | 20 views

CVE-2024-46256

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate...

EPSS 0.60145
Exploits: 2 | References: 4
Vulnrichment
added 2024/09/27 12:00 a.m. | 16 views

CVE-2024-46256

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate...

AI score 7.2 | EPSS 0.60145
Exploits: 2 | References: 4
Packet Storm
added 2024/09/27 12:00 a.m. | 198 views

Backdoor.Win32.Amatu.a MVID-2024-0698 Arbitrary File Write

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024; Original source: https://malvuln.com/advisory/1e2d0b90ffc23e00b743c41064bdcc6b.txt; Contact: [email protected]; Media: x.com/malvuln; Threat: Backdoor.Win32.Amatu.a; Vulnerability: Remote Arbitrary File Write (RCE); Family: Amatu; Type: PE32...

AI score 7.4
Exploits: 0
CVE
added 2024/09/27 12:00 a.m. | 89 views

CVE-2024-46256

CVE-2024-46256 affects NginxProxyManager 2.11.3 and is due to a command injection in the requestLetsEncryptSsl routine that enables remote code execution when adding a Let’s Encrypt certificate. The Red Hat/OSV/NVD entries corroborate the same vulnerability description (CVE-2024-46256) and identi...

CVSS 9.8 | AI score 7.1 | EPSS 0.60145
Exploits: 2 | References: 4 | Affected Software: 1