
11231 matches found

CVE
added 2018/05/29 8:0 p.m., 76 views

CVE-2016-10577

CVE-2016-10577 concerns the ibm_db Node.js interface to IBM DB2/Informix. The affected library (ibm_db before 1.0.2) downloads binary resources over HTTP, exposing users to MITM modification or interception of binaries. The documentation states that a remote attacker positioned on the network cou...

CVSS: 8.1, AI score: 8.2, EPSS: 0.01546
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2018/05/29 8:0 p.m., 49 views

CVE-2016-10590

CVE-2016-10590 affects the Node.js wrapper cue-sdk-node, which downloads zipped resources over HTTP. The underlying issue is insecure HTTP transfers that enable a MITM attacker to swap the requested zip with a malicious one, potentially enabling remote code execution on the host. The public advis...

CVSS: 9.3, AI score: 8.3, EPSS: 0.01752
Exploits: 0, References: 1, Affected Software: 1

Check Point Advisories
added 2018/05/29 12:0 a.m., 0 views

D-Link DSL-2750B Remote Command Execution

A remote code execution vulnerability has been reported in D-Link DSL-2750B routers. Successful exploitation could lead to arbitrary code execution on the vulnerable device...

AI score: 6.1
Exploits: 0

Packet Storm
added 2018/05/29 12:0 a.m., 87 views

IBM QRadar SIEM Code Execution / Authentication Bypass

Hi all, 3 vulns in IBM QRadar SIEM that when chained allow an attacker to achieve unauthenticated RCE as root on the QRadar host. IBM have only attributed one CVE for all 3 vulns, and they have a combined CVSS score of 5.6. So totally own a SIEM = 5.6 CVSS. Sounds right to me. A special thanks to...

CVSS: 7.5, AI score: 1, EPSS: 0.5338
Exploits: 6

OpenVAS
added 2018/05/29 12:0 a.m., 597 views

Monstra CMS <= 3.0.4 Multiple Vulnerabilities

Monstra CMS is prone to multiple vulnerabilities.

CVSS: 9.8, AI score: 6.5, EPSS: 0.13585
Exploits: 43, References: 7

Veracode
added 2018/05/28 10:20 a.m., 9 views

Remote Code Execution (RCE)

libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass an OTF file to the strnmatch function in char.c to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...

CVSS: 7.8, AI score: 8.1, EPSS: 0.01224
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2018/05/28 7:57 a.m., 13 views

Remote Code Execution (RCE) Through Buffer Overflow

libfontforge.so is vulnerable to remote code execution (RCE) attacks through a buffer overflow. A malicious user can pass a TTF file to the readcffset function in parsettf.c to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...

CVSS: 7.8, AI score: 8.1, EPSS: 0.0144
Exploits: 0, References: 4, Affected Software: 1

myhack58
added 2018/05/28 12:0 a.m., 14 views

See how I found a Google RCE vulnerability worth 3 thousand 6 thousand USD

This article tells the story of how Ezequiel Pereira, an 18-year-old student at a Uruguayan public university, found a highest-level Google RCE vulnerability. At the beginning of the year, Ezequiel found a vulnerability in a non-production environment of Google App Engine (GAE), exploi...

AI score: 8.4
Exploits: 0

Hacker One
added 2018/05/27 9:33 a.m., 59 views

Automattic: RCE via Print function [Simplenote 1.1.3 - Desktop app]

In Simplenote 1.1.3 - Desktop app there is a stored XSS vulnerability that can be used to execute arbitrary code. If there is malicious code in the note and the user tries to print it, for example to save it as a PDF, the malicious code runs. This report is based on the report 291539, by Yasin...

AI score: 0.5
Exploits: 0

CVE
added 2018/05/24 2:0 p.m., 43 views

CVE-2018-5487

NetApp OnCommand Unified Manager for Linux (versions 7.2–7.3) is affected. The JMX RMI service is bound to the network, enabling unauthenticated remote code execution. Documented by multiple sources (NVD entry CVE-2018-5487 and CNVD-2018-10340), with impact described as remote arbitrary code execut...

CVSS: 9.8, AI score: 9.8, EPSS: 0.02895
Exploits: 0, References: 1, Affected Software: 1

The Hacker News
added 2018/05/23 9:15 a.m., 301 views

Hackers are exploiting a new zero-day flaw in GPON routers

Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven't yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild. Security researchers from...

CVSS: 9.8, AI score: 10, EPSS: 0.9995
Exploits: 10

OpenVAS
added 2018/05/23 12:0 a.m., 74 views

Joomla 'com_fields' RCE Vulnerability (20180506)

Joomla is prone to a remote code execution (RCE) vulnerability.

CVSS: 6.5, AI score: 8.4, EPSS: 0.01991
Exploits: 0, References: 1

CVE
added 2018/05/22 5:0 p.m., 65 views

CVE-2017-2617

The set of connected sources confirms a vulnerability in hawtio prior to version 1.5.5 that allows remote code execution via file upload. An attacker can upload a crafted file to the Hawtio web console, which could be executed on the target host where Hawtio is deployed. Red Hat’s advisory (RHSA-...

CVSS: 7.8, AI score: 7.8, EPSS: 0.01747
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2018/05/22 1:42 a.m., 21 views

Remote Code Execution (RCE)

dolibarr/dolibarr is susceptible to remote code execution (RCE). The vulnerability can be triggered because it grants authentication and replaces an antivirus command with a malicious payload once the administrator is tricked into clicking a malicious link...

CVSS: 8, AI score: 8.4, EPSS: 0.02043
Exploits: 2, References: 6, Affected Software: 1

exploitpack
added 2018/05/21 12:0 a.m., 26 views

GitBucket 4.23.1 - Remote Code Execution

GitBucket 4.23.1 - Remote Code Execution Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...

Exploits: 0

Exploit DB
added 2018/05/21 12:0 a.m., 40 views

GitBucket 4.23.1 - Remote Code Execution

Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description Abusing weak secret token and...

AI score: 7.4
Exploits: 0

Metasploit
added 2018/05/19 1:10 a.m., 22 views

Nanopool Claymore Dual Miner APIs RCE

This module takes advantage of miner remote manager APIs to exploit an RCE vulnerability. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nanopool Claymore Dual Miner APIs RCE', 'Description' =...

CVSS: 7.5, AI score: 7.6, EPSS: 0.77297
Exploits: 7

exploitpack
added 2018/05/18 12:0 a.m., 51 views

HPE iMC 7.3 - Remote Code Execution (Metasploit)

HPE iMC 7.3 - Remote Code Execution Metasploit Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link:...

CVSS: 9, AI score: 8.4, EPSS: 0.15294
Exploits: 6

NVD
added 2018/05/17 3:29 p.m., 26 views

CVE-2018-1178

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 8.8, AI score: 8.8, EPSS: 0.02773
Exploits: 0, References: 2

CVE
added 2018/05/17 3:0 p.m., 49 views

CVE-2018-9953

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9953. The vulnerability lies in the XFA resolveNodes method of Button elements, where code executes without validating the existence of an object before performing operations. This allows remote code execution with the current process context and re...

CVSS: 8.8, AI score: 8.8, EPSS: 0.02773
Exploits: 0, References: 2, Affected Software: 2