D7 Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020
The Media module provides an extensible framework for managing files and multimedia assets, regardless of whether they are hosted on your own site or a third party site. The module contained a vulnerability similar to SA-CORE-2018-004, leading to a possible remote code execution (RCE) attack...
WordPress Woo Import Export 1.0 Arbitrary File Deletion
...
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
...
Apache Struts REST Plugin OGNL Expression Handling RCE
Remote command execution vulnerability in Apache Struts REST Plugin OGNL expression handling. Vulnerability Type: Remote Command Execution. For the exploit source code, contact DSquare Security sales team...
Foxit Reader XFA field Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fiel...
CVE-2018-1273: RCE with Spring Data Commons
...
Jolokia Vulnerabilities - RCE & XSS(CVE-2018-1000130,CVE-2018-1000129)
Recently, during a client engagement, Gotham Digital Science found a couple of zero-day vulnerabilities in the Jolokia service. Jolokia is an open source product that provides an HTTP API interface for JMX (Java Management Extensions) technology. It contains an API we can use for calling MBeans...
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root...
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection...
Privilege escalation
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root...
Schneider Electric InduSoft Web Studio RCE (Apr 2018)
An installed version of Schneider Electric InduSoft Web Studio is vulnerable to RCE and therefore requires a security update. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(109144); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date",...
Google Drive for WordPress plugin <=2.2 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability found by Lenon Leite in Google Drive for WordPress plugin versions <=2.2. Solution: Attention! This plugin was closed on 2018 January 26 by the WordPress security team and is no longer available for download. Deactivate and uninstall!...
CVE-2018-8736
Nagios XI is vulnerable to CVE-2018-8736: a privilege-escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 that enables an attacker to leverage an RCE to gain root. Public mentions confirm affected versions include 5.2.x–5.4.x up to 5.4.12, with exploitation workflows described...
CVE-2018-8735
CVE-2018-8735 is an OS command injection vulnerability in Nagios XI 5.2.x through 5.4.x that allows remote command execution. Public details describe an attacker able to run arbitrary commands on the target system, with affected versions prior to 5.4.13. Connected documents document an associated...
Schneider Electric InTouch Machine Edition RCE (Apr 2018)
An installed version of Schneider Electric InTouch Machine Edition is vulnerable to RCE and therefore requires a security update. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(109143); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date",...
Drupalgeddon2 Drupal Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before...
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 Drupalgeddon2 Remote Code Execution Exploit
Exploit for php platform in category remote exploits. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x...
InduSoft Web Studio < v8.1 + SP1 RCE
Binary data 700241.prm...