
96 matches found

Packet Storm
added 2025/03/06 12:0 a.m. · 595 views

Zabbix 6.4.17rc1 Remote Code Execution

Zabbix server version 6.4.17rc1 remote code execution exploit that provides a reverse shell. Title: Zabbix server v 6.4.17rc1 PHP Code Injection...

9.9 CVSS · 8.3 AI score · 0.78831 EPSS
Exploits: 13
Circl
added 2025/02/01 12:0 p.m. · 2 views

PSV-2023-0039

creationtimestamp | type | source
---|---|---
2025-02-01 12:00:00+00:00 | seen | https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039
2025-02-10 18:21:16+00:00 | seen | https://nvd.nist.gov/vuln/detail/CVE-2025-25246...

8.1 AI score
Exploits: 0 · References: 2
GoogleProjectZero
added 2025/01/30 12:0 a.m. · 39 views

Windows Bug Class: Accessing Trapped COM Objects with IDispatch

Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of...

9.3 CVSS · 7.2 AI score · 0.69801 EPSS
Exploits: 9
NVD
added 2025/01/14 6:15 p.m. · 17 views

CVE-2025-21186

Microsoft Access Remote Code Execution Vulnerability...

7.8 CVSS · 0.01117 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/27 12:0 a.m. · 5 views

PT-2024-9899

Name of the Vulnerable Software and Affected Versions DrayTek Vigor2960 and Vigor300B version 1.5.1.4 Description A critical vulnerability exists in the Web Management Interface of DrayTek Vigor2960 and Vigor300B. The issue is related to the manipulation of the session argument in the...

9.8 CVSS · 7.9 AI score · 0.98125 EPSS
Exploits: 1 · References: 45
Positive Technologies
added 2024/11/18 12:0 a.m. · 2 views

PT-2024-10174 · Iptraf-Ng +3

Name of the Vulnerable Software and Affected Versions: iptraf-ng version 1.2.1 Description: The issue is related to a stack-based buffer overflow in the iptraf-ng utility, which can be exploited by a remote attacker to execute arbitrary code. This occurs due to the strcpy function in src/ifaces.c...

10 CVSS · 7.2 AI score · 0.00727 EPSS
Exploits: 1 · References: 33
Positive Technologies
added 2024/10/29 12:0 a.m. · 3 views

PT-2024-7609 · Qurouter

Name of the Vulnerable Software and Affected Versions: QuRouter versions prior to 2.4.5.032 Description: A SQL injection vulnerability has been reported to affect QuRouter, allowing remote attackers to inject malicious code if exploited. The vulnerability is related to errors in processing input...

10 CVSS · 9.7 AI score · 0.00816 EPSS
Exploits: 0 · References: 25
Tenable Nessus
added 2024/10/27 12:0 a.m. · 18 views

EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2024-2756)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not...

7 CVSS · 8.3 AI score · 0.27935 EPSS
Exploits: 1 · References: 2
OSV
added 2024/04/30 10:25 p.m. · 34 views

MGASA-2024-0154 Updated libarchive packages fix security vulnerability

Remote Code Execution Vulnerability. CVE-2024-26256...

7.8 CVSS · 7.3 AI score · 0.87784 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2023/10/10 5:8 p.m. · 6 views

CVE-2023-36778 Microsoft Exchange Server Remote Code Execution Vulnerability

...

8 CVSS · 7.8 AI score · 0.03709 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2022/11/22 12:0 a.m. · 6 views

CVE-2022-41326

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application...

9.9 AI score · 0.01371 EPSS
Exploits: 0 · References: 2
Redos
added 2021/12/24 12:0 a.m. · 14 views

ROS-2-1719

2.1719 Multiple vulnerabilities in Redis CVE-2021-29477,CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker could pass specially crafted data to an application, cause an integer overflow, and execute arbitrar...

8.8 CVSS · 8.3 AI score · 0.04191 EPSS
Exploits: 0
NVD
added 2021/07/22 7:15 p.m. · 15 views

CVE-2021-31580

The restricted shell provided by Akkadian Provisioning Manager Engine PME can be bypassed by switching the OpenSSH channel from shell to exec and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning...

10 CVSS · 0.03023 EPSS
Exploits: 1 · References: 1
Tenable Nessus
added 2021/05/07 12:0 a.m. · 38 views

Debian DLA-2650-1 : exim4 security update

The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. Details can be found in the Qualys advisory at https://www.qualys.com/2021/05/04/21nails/21nails.txt For Debian 9 stretch, these...

9.8 CVSS · 8.1 AI score · 0.61061 EPSS
Exploits: 5 · References: 21
Debian
added 2019/10/30 10:21 p.m. · 101 views

[SECURITY] [DLA 1979-1] italc security update

Package : italc Version : 1:2.0.2+dfsg1-2+deb8u1 CVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-6307 CVE-2018-7225 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023...

9.8 CVSS · 7.7 AI score · 0.26543 EPSS
Exploits: 5
Vulnrichment
added 2019/03/26 5:43 p.m. · 11 views

CVE-2019-10068

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...

8.2 AI score · 0.96031 EPSS
Exploits: 5 · References: 2
Cisco
added 2018/02/21 4:0 p.m. · 67 views

Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker...

9.8 CVSS · 2.5 AI score · 0.05256 EPSS
Exploits: 0 · References: 1
Hacker One
added 2018/01/19 12:52 a.m. · 29 views

Node.js third-party modules: [html-pages] Path Traversal in html-pages module allows to read any file from the server with curl

Hi, This report is about Directory Traversal vulnerability I found in html-pages module. Module: html-pages is a module which allows to browse directories and serve static files in the browser. The vulnerability exists in the latest available version 2.0.7 Link to npm page:...

5 CVSS · 0.8 AI score · 0.02274 EPSS
Exploits: 1
exploitpack
added 2017/01/26 12:0 a.m. · 71 views

Haraka 2.8.9 - Remote Command Execution

Haraka 2.8.9 - Remote Command Execution !/usr/bin/python Exploit Title: Harakiri ShortDescription: Haraka comes with a plugin for processing attachments. Versions before 2.8.9 can be vulnerable to command injection Exploit Author: xychix xychix at hotmail.com / mark at outflank.nl Date: 26 Januar...

7.5 CVSS · 0.1 AI score · 0.13377 EPSS
Exploits: 4
Microsoft KB
added 2017/01/07 12:0 a.m. · 72 views

MS11-030: Vulnerability in DNS Resolution could allow remote code execution: April 12, 2011

MS11-030: Vulnerability in DNS Resolution could allow remote code execution: April 12, 2011 INTRODUCTION Microsoft has released security bulletin MS11-030. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

7.1 AI score
Exploits: 0