897 matches found
[SECURITY] Fedora 36 Update: et-6.2.1-2.fc36
Eternal Terminal ET is a remote shell that automatically reconnects without interrupting the session...
GHSA-W94P-6MHW-4QXW Improper Access Control in Elasticsearch
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...
WordPress Advanced Uploader plugin arbitrary file upload vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Advanced Uploader plugin 4.2 and previous versions have a file upload vulnerability, which can be...
PHPOK 代码问题漏洞
PHPOK is an enterprise website builder with extended support. A security vulnerability exists in PHPOK v6.1, which originates from a deserialization vulnerability in the updatef function of logincontrol.php in Phpok v6.1, which can be exploited by an attacker to write to an arbitrary file and...
WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated)
Exploit Title: WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload Authenticated Google Dork: - Date: 2022-03-13 Exploit Author: Roel van Beurden Vendor Homepage: - Software Link: https://downloads.wordpress.org/plugin/advanced-uploader.4.2.zip Version: =4.2 Tested on: WordPress 5.9 on...
WordPress plugin Advanced Uploader 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Advanced Uploader plugin 4.2 and previous versions have a file upload vulnerability, which can be...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
Victorian Machinery Victorian Machinery is a proof of concept...
CVE-2022-28560
There is a stack overflow vulnerability in the goform/fastsettingwifiset function in the httpd service of Tenda ac9 15.03.2.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...
CVE-2022-28561
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...
CVE-2022-28560
There is a stack overflow vulnerability in the goform/fastsettingwifiset function in the httpd service of Tenda ac9 15.03.2.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...
Exploit for OS Command Injection in Gerapy
CVE-2021-43857 CVE-2021-43857 Gerpy command execution...
Pluck 代码问题漏洞
Pluck is a content management system CMS developed using the PHP language. A code issue vulnerability exists in Pluck CMS version 4.7.16, which stems from a remote shell upload execution vulnerability in Pluck CMS version 4.7.16...
USN-5327-1 netkit-rsh vulnerability
Hiroyuki Yamamori discovered that rsh incorrectly handled certain filenames. If a user or automated system were tricked into connecting to a malicious rsh server, a remote attacker could possibly use this issue to modify directory permissions...
USN-5327-1: rsh vulnerability
Hiroyuki Yamamori discovered that rsh incorrectly handled certain filenames. If a user or automated system were tricked into connecting to a malicious rsh server, a remote attacker could possibly use this issue to modify directory permissions...
Remote shell execution vulnerability in image_processing
Impact When using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input, this allows the attacker to execute shell commands: rb ImageProcessing::Vips.apply system: "echo EXECUTED" EXECUTED This method is called internally by Active Stora...
Remote shell execution vulnerability when applying commands from user input
Impact When using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input, this allows the attacker to execute shell commands: rb ImageProcessing::Vips.apply system: "echo EXECUTED" EXECUTED This method is called internally by Active Stora...
Path traversal
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service zebra or ripd. Subsequen...
CVE-2021-20134
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service zebra or ripd. Subsequen...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network Applicat...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Il 9 dicembre 2021 il mondo è venuto a conoscen...