15 matches found

SUSE CVE
added 2026/05/27 4:17 a.m. | 4 views

SUSE CVE-2023-30534

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti's vendor directory phpseclib, the necessary gadgets are not included, making them inaccessible an...

CVSS 4.3 | AI score 6.8 | EPSS 0.5495
Exploits: 1 | References: 3
Gitee
added 2025/09/14 6:53 p.m. | 95 views

fastjson-remote-code-execute-poc

This is a Java-based proof-of-concept (PoC) exploit for a remote code execution (RCE) vulnerability in the FastJSON library, version 1.2.24. The exploit is designed to be used with IntelliJ IDEA, a popular integrated development environment (IDE) for Java development. The exploit consists of two main...

AI score 8.1
Exploits: 0
Tenable Nessus
added 2025/02/10 12:0 a.m. | 14 views

Debian dsa-5862 : cacti - security update

The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5862 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5862-1 [email protected] https://www.debian.org/securit...

CVSS 9.1 | AI score 7.5 | EPSS 0.87934
Exploits: 20 | References: 22
GithubExploit
added 2024/02/28 4:7 p.m. | 352 views

Exploit for OS Command Injection in Cacti

Command injection vulnerability in Cacti CVE-2023-39362 - Po...

CVSS 7.2 | AI score 7.4 | EPSS 0.87228
Exploits: 6
OSV
added 2023/09/05 10:15 p.m. | 2 views

DEBIAN-CVE-2023-39362

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlyin...

CVSS 7.2 | AI score 8.6 | EPSS 0.87228
Exploits: 6 | References: 1
OSV
added 2023/09/05 10:15 p.m. | 1 views

DEBIAN-CVE-2023-39364

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The authchangepassword.php file accepts ref as a URL parameter and...

CVSS 5.4 | AI score 5.8 | EPSS 0.00189
Exploits: 1 | References: 1
OSV
added 2023/09/05 10:15 p.m. | 1 views

UBUNTU-CVE-2023-30534

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory phpseclib, the necessary gadgets are not included, making them inaccessible an...

CVSS 4.3 | AI score 7.3 | EPSS 0.5495
Exploits: 1 | References: 3
Prion
added 2023/09/05 10:15 p.m. | 18 views

Design/Logic Flaw

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The authchangepassword.php file accepts ref as a URL parameter and...

CVSS 4.9 | AI score 7.3 | EPSS 0.00189
Exploits: 1 | References: 5 | Affected Software: 2
Debian CVE
added 2023/09/05 9:21 p.m. | 15 views

CVE-2023-30534

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory phpseclib, the necessary gadgets are not included, making them inaccessible an...

CVSS 4.3 | AI score 4.6 | EPSS 0.5495
Exploits: 1
OSV
added 2023/09/05 9:21 p.m. | 17 views

CVE-2023-30534 Insecure Deserialization in Cacti

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory phpseclib, the necessary gadgets are not included, making them inaccessible an...

CVSS 4.3 | AI score 7.2 | EPSS 0.5495
Exploits: 1 | References: 7
CNNVD
added 2023/03/06 12:0 a.m. | 1 views

WordPress plugin Download Attachments cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 | AI score 5.5 | EPSS 0.00261
Exploits: 1 | References: 3
Patchstack
added 2023/03/03 12:0 a.m. | 8 views

WordPress Download Attachments Plugin <= 1.2.24 is vulnerable to Cross Site Scripting (XSS)

Software Download Attachments Type Plugin Vulnerable versions = 1.2.24 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0076 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d4020e1c310d Credits Lana Codes...

CVSS 5.4 | AI score 5.9 | EPSS 0.00261
Exploits: 1 | References: 4 | Affected Software: 1
ATTACKERKB
added 2022/01/19 1:15 a.m. | 2 views

CVE-2022-23435

decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.00334
Exploits: 0 | References: 3
Gitee
added 2020/05/01 12:3 p.m. | 1 views

fastjson-poc

This is a Java-based proof-of-concept (PoC) code for exploiting a remote code execution (RCE) vulnerability in the FastJSON library, specifically in versions 1.2.22 to 1.2.24. The code is designed to bypass the autotype mechanism in FastJSON, which is a security feature that prevents certain types of...

AI score 8.1
Exploits: 0
Packet Storm
added 2017/08/24 12:0 a.m. | 26 views

Easy AVI DivX Converter 1.2.24 Buffer Overflow

!/usr/bin/python Exploit Title: Easy AVI DivX Converter 1.2.24 - 'Enter User Name' Field Buffer Overflow SEH Date: 24-08-2017 Exploit Author: Anurag Srivastava Website: www.pyramidcyber.com Vulnerable Software: Easy AVI DivX Converter Vendor Homepage: http://www.divxtodvd.net/ Version: 1.2.24...

AI score 0.8
Exploits: 0