
11230 matches found

Cvelist
added 2024/09/10 4:53 p.m., 20 views

CVE-2024-38018 Microsoft SharePoint Server Remote Code Execution Vulnerability

...

CVSS 8.8, EPSS 0.50285
Exploits: 0, References: 1

GithubExploit
added 2024/09/10 1:23 p.m., 419 views

Exploit for Insufficient Session Expiration in Totolink T8_Firmware

CVE-2022-0944: Privilege Escalation Vulnerability in OverlayFS...

CVSS 9.1, AI score 7.2, EPSS 0.7297
Exploits: 12

GithubExploit
added 2024/09/10 10:26 a.m., 566 views

Exploit for Code Injection in Sqlpad

SQLPad RCE Exploit This repository contains an exploit script...

CVSS 9.1, AI score 8.6, EPSS 0.7297
Exploits: 12

Github Security Blog
added 2024/09/09 6:17 p.m., 38 views

pyload-ng vulnerable to RCE with js2py sandbox escape

Summary: Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details: js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

CVSS 9.8, AI score 7, EPSS 0.83924
Exploits: 4, References: 5, Affected Software: 1

Cvelist
added 2024/09/09 12:0 a.m., 13 views

CVE-2024-44335

D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via versionupgrade.asp...

EPSS 0.00654
Exploits: 0, References: 2

GithubExploit
added 2024/09/08 11:39 p.m., 634 views

Exploit for Code Injection in Sqlpad

CVE-2022-0944 A proof of concept exploit for SQLPad RCE CVE...

CVSS 9.1, AI score 8.3, EPSS 0.7297
Exploits: 12

OSSF Malicious Packages
added 2024/09/08 10:15 a.m., 3 views

Malicious code in ori-gabriel-rce-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f71bb03bb69baf10b63677477b19ab39b9793ad35b10850961a6ee291b10c1f The OpenSSF Package Analysis project identified 'ori-gabriel-rce-test' @ 1.0.1 npm as malicious. It is considered malicious because: - The packa...

AI score 7.2
Exploits: 0

OSV
added 2024/09/08 10:15 a.m., 5 views

MAL-2024-9745 Malicious code in ori-gabriel-rce-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f71bb03bb69baf10b63677477b19ab39b9793ad35b10850961a6ee291b10c1f The OpenSSF Package Analysis project identified 'ori-gabriel-rce-test' @ 1.0.1 npm as malicious. It is considered malicious because: - The packa...

AI score 7.4
Exploits: 0

Cvelist
added 2024/09/07 4:11 p.m., 26 views

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...

CVSS 8.8, EPSS 0.04204
Exploits: 0, References: 1

GithubExploit
added 2024/09/06 6:17 p.m., 792 views

Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip

😈 SPIP BigUp Unauthenticated RCE Exploit 😈 📜 Description...

CVSS 9.8, AI score 10, EPSS 0.93372
Exploits: 7

The Hacker News
added 2024/09/06 3:14 p.m., 39 views

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug...

CVSS 9.8, AI score 8.7, EPSS 0.94425
Exploits: 26

IBM Security Bulletins
added 2024/09/05 4:42 p.m., 25 views

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-39338, CVE-2024-4068, CVE-2021-23727)

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details: CVEID: CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw...

CVSS 7.5, AI score 8.1, EPSS 0.02141
Exploits: 3, Affected Software: 1

GithubExploit
added 2024/09/05 2:44 p.m., 448 views

Exploit for Code Injection in Wpml

CVE-2024-6386 - RCE via Twig SSTI in WPML PoC PoC on Pyth...

CVSS 9.9, AI score 9.3, EPSS 0.73911
Exploits: 3

NVD
added 2024/09/05 1:15 p.m., 18 views

CVE-2024-8463

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell...

CVSS 9.9, EPSS 0.00105
Exploits: 0, References: 1

Cvelist
added 2024/09/05 12:49 p.m., 15 views

CVE-2024-8463 File upload restriction bypass vulnerability in Job Portal

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell...

CVSS 9.9, EPSS 0.00105
Exploits: 0, References: 1

Vulnrichment
added 2024/09/05 12:49 p.m., 17 views

CVE-2024-8463 File upload restriction bypass vulnerability in Job Portal

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell...

CVSS 9.9, AI score 7.1, EPSS 0.00105
Exploits: 0, References: 1

CVE
added 2024/09/05 12:49 p.m., 97 views

CVE-2024-8463

CVE-2024-8463 affects PHPGurukul Job Portal 1.0, where an unrestricted file upload vulnerability can be exploited by an authenticated user to achieve remote code execution via a webshell. Public sources (NVD/CNNVD/CVELIST) describe a file upload restriction bypass as the core issue; impact is aut...

CVSS 9.9, AI score 9.4, EPSS 0.00105
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/09/04 8:8 a.m., 44 views

CVE-2024-45507 Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

AI score 7.4, EPSS 0.89512
Exploits: 0, References: 4

Cvelist
added 2024/09/04 8:8 a.m., 30 views

CVE-2024-45507 Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

EPSS 0.89512
Exploits: 0, References: 4

NVD
added 2024/09/03 10:15 p.m., 12 views

CVE-2024-44809

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that...

CVSS 9.8, EPSS 0.01782
Exploits: 0, References: 2