15280 matches found

OSV
added 2024/04/24 9:35 p.m. | 24 views

GHSA-6G56-V9QG-JP92 Heketi Arbitrary Code Execution

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation...

8.8 CVSS | 8.6 AI score | 0.05495 EPSS
Exploits: 0 | References: 7
OSV
added 2024/04/24 8:34 a.m. | 4 views

SUSE-SU-2024:1417-1 Security update for nrpe

This update for nrpe fixes the following issues: CVE-2014-2913: Fixed remote command execution when command arguments are enabled bsc1118590,bsc874743...

7.5 CVSS | 7.1 AI score | 0.15312 EPSS
Exploits: 6 | References: 4
NVD
added 2024/04/22 2:15 p.m. | 29 views

CVE-2024-27348

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue...

9.8 CVSS | 6.6 AI score | 0.9921 EPSS
Exploits: 11 | References: 5
Vulnrichment
added 2024/04/22 2:8 p.m. | 45 views

CVE-2024-27348 Apache HugeGraph-Server: Command execution in gremlin

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue...

9.6 AI score | 0.9921 EPSS
Exploits: 11 | References: 3
CVE
added 2024/04/22 2:8 p.m. | 160 views

CVE-2024-27348

CVE-2024-27348 (Apache HugeGraph-Server) is an improper access control vulnerability in the Gremlin interface that enables remote code execution. Affected: HugeGraph-Server versions from 1.0.0 up to (but not including) 1.3.0, running on Java 8 or Java 11. Root cause: insufficient access controls ...

9.8 CVSS | 9.7 AI score | 0.9921 EPSS
In wild | Exploits: 11 | References: 5 | Affected Software: 1
ATTACKERKB
added 2024/04/22 12:0 a.m. | 19 views

CVE-2024-27348

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. Recent assessments: jheysel-r7...

9.8 CVSS | 8.2 AI score | 0.9921 EPSS
In wild | Exploits: 11 | References: 5
Packet Storm
added 2024/04/22 12:0 a.m. | 222 views

SofaWiki 3.9.2 Shell Upload

Exploit Title: SofaWiki 3.9.2 - Remote Command Execution RCE Authenticated Discovered by: Ahmet Ümit BAYRAM Discovered Date: 18.04.2024 Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Tested Version: v3.9.2 latest Tested on: MacOS import...

7.4 AI score
Exploits: 0
Positive Technologies
added 2024/04/22 12:0 a.m. | 6 views

PT-2024-3193 · D Link · D-Link Dir-822

Name of the Vulnerable Software and Affected Versions: D-Link DIR-822+ version 1.0.5 Description: The issue is related to the ChgSambaUserSettings function in the prog.cgi script of the D-Link DIR-822+ wireless router's firmware. It is caused by the lack of proper sanitization of special elements...

10 CVSS | 8.1 AI score | 0.08315 EPSS
Exploits: 1 | References: 9
0day.today
added 2024/04/21 12:0 a.m. | 281 views

SofaWiki 3.9.2 - Remote Command Execution (Authenticated) Exploit

Exploit Title: SofaWiki 3.9.2 - Remote Command Execution RCE Authenticated Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Tested Version: v3.9.2 latest Tested on: MacOS import requests import random import...

7.4 AI score
Exploits: 0
0day.today
added 2024/04/21 12:0 a.m. | 256 views

FlatPress v1.3 - Remote Command Execution Exploit

Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests import time import random impo...

7.4 AI score
Exploits: 0
Exploit DB
added 2024/04/21 12:0 a.m. | 281 views

SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)

Exploit Title: SofaWiki 3.9.2 - Remote Command Execution RCE Authenticated Discovered by: Ahmet Ümit BAYRAM Discovered Date: 18.04.2024 Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Tested Version: v3.9.2 latest Tested on: MacOS import...

7.4 AI score
Exploits: 0
Exploit DB
added 2024/04/21 12:0 a.m. | 312 views

FlatPress v1.3 - Remote Command Execution

Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 19.04.2024 Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests...

7.4 AI score
Exploits: 0
OSV
added 2024/04/19 2:28 p.m. | 7 views

CVE-2023-50260 Wazuh's vulnerability in host_deny AR script allows arbitrary command execution

Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the hostdeny script allows to write any string in the hosts.deny file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active...

8.8 CVSS | 7.2 AI score | 0.4116 EPSS
Exploits: 1 | References: 3
OSV
added 2024/04/19 2:15 a.m. | 1 views

CVE-2024-29204

A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands...

9.8 CVSS | 6 AI score | 0.04308 EPSS
Exploits: 0 | References: 1
OSV
added 2024/04/19 2:15 a.m. | 3 views

CVE-2024-24995

A Race Condition TOCTOU vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...

7.5 CVSS | 6 AI score | 0.02373 EPSS
Exploits: 0 | References: 1
OSV
added 2024/04/19 2:15 a.m. | 2 views

CVE-2024-22061

A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands...

9.8 CVSS | 7.5 AI score | 0.03561 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/04/19 1:10 a.m. | 17 views

CVE-2024-24994

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...

8.8 CVSS | 8.9 AI score | 0.68104 EPSS
Exploits: 0 | References: 1
Packet Storm
added 2024/04/19 12:0 a.m. | 185 views

FlatPress 1.3 Shell Upload

Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 19.04.2024 Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests...

7.4 AI score
Exploits: 0
CNNVD
added 2024/04/19 12:0 a.m. | 3 views

Ivanti Avalanche Security Vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a path traversal...

8.8 CVSS | 7.5 AI score | 0.68104 EPSS
Exploits: 0 | References: 2
VulnCheck KEV
added 2024/04/19 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2023-37679

A remote command execution RCE vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server...

9.8 CVSS | 7.9 AI score | 0.97106 EPSS
Exploits: 12 | References: 1