15286 matches found

Github Security Blog
added 2023/07/12 12:31 p.m. · 46 views

RocketMQ NameServer component Code Injection vulnerability

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVSS 9.8 · AI score 9.8 · EPSS 0.90036
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/07/12 10:15 a.m. · 33 views

CVE-2023-37582

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVSS 9.8 · AI score 9.8
Exploits 0 · References 2

Prion
added 2023/07/12 10:15 a.m. · 24 views

Design/Logic Flaw

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVSS 7.5 · AI score 9.5 · EPSS 0.96604
Exploits 11 · References 2 · Affected Software 1

CVE
added 2023/07/12 9:26 a.m. · 134 views

CVE-2023-37582

The CVE-2023-37582 entry concerns Apache RocketMQ’s NameServer remote code execution when addresses are exposed on the extranet and permission checks are missing. The vulnerability stems from insufficient access control in the update configuration path, enabling commands to execute as the RocketM...

CVSS 9.8 · AI score 9.8 · EPSS 0.90036
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/07/12 12:0 a.m. · 15 views

PT-2023-4093 · Apache · Rocketmq

Name of the Vulnerable Software and Affected Versions: RocketMQ versions prior to 4.9.7 RocketMQ versions prior to 5.1.2 Description: The vulnerability in the RocketMQ NameServer component allows for remote command execution. This issue arises when NameServer addresses are exposed on the extranet...

CVSS 10 · AI score 7.9 · EPSS 0.90036
Exploits 1 · References 18

NVD
added 2023/07/11 3:15 p.m. · 17 views

CVE-2023-37659

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

CVSS 9.8 · AI score 9.6 · EPSS 0.01406
Exploits 1 · References 1

OSV
added 2023/07/11 3:15 p.m. · 15 views

CVE-2023-37659

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

CVSS 9.8 · AI score 7.4
Exploits 0 · References 1

ATTACKERKB
added 2023/07/11 3:15 p.m. · 3 views

CVE-2023-37659

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

CVSS 9.8 · AI score 7.4 · EPSS 0.01406
Exploits 1 · References 2

PyPA
added 2023/07/11 3:15 p.m. · 5 views

PYSEC-2023-116

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

CVSS 9.8 · AI score 7.2 · EPSS 0.01406
Exploits 1 · References 3 · Affected Software 1

Prion
added 2023/07/11 3:15 p.m. · 19 views

Command injection

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

CVSS 7.5 · AI score 9.6 · EPSS 0.01406
Exploits 1 · References 1 · Affected Software 1

NVD
added 2023/07/11 2:15 p.m. · 23 views

CVE-2023-37656

WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...

CVSS 9.8 · AI score 9.7 · EPSS 0.01301
Exploits 1 · References 1

ATTACKERKB
added 2023/07/11 2:15 p.m. · 3 views

CVE-2023-37656

WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...

CVSS 9.8 · AI score 7.4 · EPSS 0.01301
Exploits 1 · References 2

OSV
added 2023/07/11 2:15 p.m. · 17 views

CVE-2023-37656

WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...

CVSS 9.8 · AI score 7.4
Exploits 0 · References 1

Prion
added 2023/07/11 2:15 p.m. · 19 views

Design/Logic Flaw

WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...

CVSS 7.5 · AI score 9.5 · EPSS 0.01301
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2023/07/11 12:0 a.m. · 13 views

xalpha Code Injection Vulnerability

xalpha is the full process management of a fund investment by Shixin Zhang, an individual developer in China. A security vulnerability exists in xalpha version v0.11.4, which stems from vulnerability to Remote Command Execution RCE attacks...

CVSS 9.8 · AI score 8.4 · EPSS 0.01406
Exploits 1 · References 2

Positive Technologies
added 2023/07/11 12:0 a.m. · 2 views

PT-2023-26064 · Xalpha · Xalpha

Name of the Vulnerable Software and Affected Versions: xalpha version 0.11.4 Description: The issue concerns Remote Command Execution RCE due to improper validation of user input, which is not checked to ensure it contains numerical values before being evaluated. Recommendations: For xalpha versi...

CVSS 9.8 · AI score 9.5 · EPSS 0.01406
Exploits 1 · References 9

Cvelist
added 2023/07/11 12:0 a.m. · 38 views

CVE-2023-37659

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

AI score 9.9 · EPSS 0.01406
Exploits 1 · References 1

0day.today
added 2023/07/11 12:0 a.m. · 342 views

Spring Cloud 3.2.2 - Remote Command Execution Exploit

Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...

CVSS 9.8 · AI score 7.1 · EPSS 0.99939
Exploits 36

Vulnrichment
added 2023/07/11 12:0 a.m. · 19 views

CVE-2023-37659

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

AI score 7 · EPSS 0.01406
Exploits 1 · References 1

CVE
added 2023/07/11 12:0 a.m. · 46 views

CVE-2023-37656

CVE-2023-37656 affects WebsiteGuide v0.2. The vulnerability is Remote Command Execution (RCE) via image upload, with a high-severity CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The Connected documents provide no explicit remediation steps or patched versions. There is no de...

CVSS 9.8 · AI score 9.6 · EPSS 0.01301
Exploits 1 · References 1 · Affected Software 1