15286 matches found
RocketMQ NameServer component Code Injection vulnerability
The RocketMQ NameServer component still has a remote command execution vulnerability, as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
CVE-2023-37582
The RocketMQ NameServer component still has a remote command execution vulnerability, as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
Design/Logic Flaw
The RocketMQ NameServer component still has a remote command execution vulnerability, as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
CVE-2023-37582
The CVE-2023-37582 entry concerns Apache RocketMQ’s NameServer remote code execution when addresses are exposed on the extranet and permission checks are missing. The vulnerability stems from insufficient access control in the update configuration path, enabling commands to execute as the RocketM...
PT-2023-4093 · Apache · Rocketmq
Name of the Vulnerable Software and Affected Versions: RocketMQ versions prior to 4.9.7; RocketMQ versions prior to 5.1.2. Description: The vulnerability in the RocketMQ NameServer component allows for remote command execution. This issue arises when NameServer addresses are exposed on the extranet...
CVE-2023-37659
xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...
CVE-2023-37659
xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...
CVE-2023-37659
xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...
PYSEC-2023-116
xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...
Command injection
xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...
CVE-2023-37656
WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...
CVE-2023-37656
WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...
CVE-2023-37656
WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...
Design/Logic Flaw
WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...
xalpha code injection vulnerability
xalpha is a full-process fund investment management tool by Shixin Zhang, an individual developer in China. A security vulnerability exists in xalpha version v0.11.4, which stems from vulnerability to Remote Command Execution (RCE) attacks...
PT-2023-26064 · Xalpha · Xalpha
Name of the Vulnerable Software and Affected Versions: xalpha version 0.11.4. Description: The issue concerns Remote Command Execution (RCE) due to improper validation of user input, which is not checked to ensure it contains numerical values before being evaluated. Recommendations: For xalpha versi...
CVE-2023-37659
xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...
Spring Cloud 3.2.2 - Remote Command Execution Exploit
Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution (RCE); Exploit Author: GatoGamer1155, 0bfxgh0st; Vendor Homepage: https://spring.io/projects/spring-cloud-function/; Description: Exploit to execute commands exploiting CVE-2022-22963; Software Link:...
CVE-2023-37659
xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...
CVE-2023-37656
CVE-2023-37656 affects WebsiteGuide v0.2. The vulnerability is Remote Command Execution (RCE) via image upload, with a high-severity CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The connected documents provide no explicit remediation steps or patched versions. There is no de...