Amazon Linux AMI : python-paramiko (ALAS-2018-1096)

Paramiko contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. This issue does not affect instances where only the ssh client functionality of the paramiko library is used.CVE-2018-1000805 C Tenable...

smb-vuln-webexec NSE Script

A critical remote code execution vulnerability exists in WebExService WebExec. See also: smb-webexec-exploit.nse Script Arguments smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. randomseed, smbbasic, smbport, smbsign See the...

WordPress: CSRF to HTML Injection in Comments

Simon discovered a CSRF vulnerability that led to RCE. More details are available on the RIPS blog...

Thousands of Applications Vulnerable to RCE via jQuery File Upload

A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 different software applications at risk for compromise and remote code-execution RCE. jQuery File Upload is a is a user-contributed open-source package for software developer...

Critical: python-paramiko

Issue Overview: Paramiko contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. This issue does not affect instances where only the ssh client functionality of the paramiko library is...

Apache Struts 2 Multiple Tags Result Namespace Handling RCE

Remote command execution vulnerability in Apache Struts 2 multiple tags result namespace handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

GHSA-7Q9C-H23X-65FQ Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...

GHSA-RRPM-PJ7P-7J9Q Spring Security OAuth vulnerable to remote code execution (RCE)

Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarde...

Spring Security OAuth vulnerable to remote code execution (RCE)

Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarde...

Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal

In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

Git Submodule - Arbitrary Code Execution

CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/45631.zip Exploitation The...

Git Submodule - Arbitrary Code Execution

Git Submodule - Arbitrary Code Execution CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror...

Microsoft Edge browser-explosive high-risk vulnerabilities, controlled by computer-executable any command-vulnerability warning-the black bar safety net

10 on 12 May, security researchers released a Windows Shell REC（ CVE-2018-8495, the vulnerability proof of concept code, the affected software for Windows 10 built-in Microsoft Edge, the attacker can use the code through the Microsoft Edge browser on the remote computer to run malicious code. It ...

Remote Code Execution (RCE)

pippo-xstream is vulnerable to remote code execution. The XstreamEngine component does not validate XML data before unmarshalling, which may lead to arbitrary code execution via a command to java.lang.ProcessBuilder when using XML data containing malicious types...

CVE-2018-18240

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...

CVE-2018-18240

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...

CVE-2018-18240

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...

Remote Code Execution (RCE)

Microsoft ChakraCore is susceptible to remote code execution RCE. The vulnerability exists because of a flaw in the edge bounty program, leading to a loophole for the attack. This vulnerability also affects Microsoft Edge. This CVE is different from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511,...

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution RCE attacks. The vulnerability exists in Chakra::TypeConfusion816 JIT of lib/RuntimeLanguage/JavascriptOperators.cpp where the memory could be corrupted and eventually cause the RCE attack...

Paramiko Authentication Bypass vulnerability

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity...