1284 matches found
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py O...
3CX Phone System Detection Consolidation
Consolidation of 3CX Phone System detections. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if description...
WordPress 4.1.x < 4.1.38 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...
GitLab GitHub Repo Import Deserialization Remote Code Execution Exploit
An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested defaultbranch. GitLab will cache this object and then deserialize it when...
OpenTSDB 2.4.0 Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 CVE-2020-35476 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If...
Apache Commons Detection (Linux/Unix SSH Login)
SSH login-based detection of Apache Commons and its components. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...
ChurchInfo 1.2.13-1.3.0 Authenticated RCE
This module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a draft email, the attachment will be placed in the /tmpattach/ folder of the ChurchInfo web server, which is accessible over the web by any user. By uploading a...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22476)
Summary Liberty for Java for IBM Cloud is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0...
Gitea 1.16.6 Remote Code Execution
Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...
PT-2022-16201 · Aruba · Arubaos-Cx Switches
Name of the Vulnerable Software and Affected Versions: ArubaOS-CX Switches versions 10.10.0002 and below ArubaOS-CX Switches versions 10.09.1020 and below ArubaOS-CX Switches versions 10.08.1060 and below ArubaOS-CX Switches versions 10.06.0200 and below Description: A vulnerability in the...
ZoneMinder Language Settings Remote Code Execution Exploit
This Metasploit module exploits an arbitrary file write in the debug log file option chained with a path traversal in the language settings that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 This module requires Metasploit:...
ZoneMinder Language Settings Remote Code Execution
This module exploits arbitrary file write in debug log file option chained with a path traversal in language settings that leads to a remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 Module Options msf use exploit/unix/webapp/zoneminderlangexec...
Photo Gallery < 1.6.3 - Unauthenticated SQL Injection
The plugin does not properly escape the $POST'filtertag' parameter, which is appended to an SQL query, making SQL Injection attacks possible. POST /wp-admin/admin-ajax.php?imageid=123 HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: zh,en;q=0.5 Accept-Encoding: gzip,...
Icinga Web 2 Detection (Linux/Unix SSH Login)
SSH login-based detection of Icinga Web 2. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.170046...
APISIX Admin API default access token RCE
Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...
OPENSUSE-SU-2022:0061-1 Security update for mc
This update for mc fixes the following issues: Midnight Commander 4.8.27: Core - Reimplement version detection 3603, 4249 - Significantly reduce rebuilt time after version change 2252, 4266 - Drop automatic migration of configuration from /.mc to XDG-based directories 3682 - zsh: support custom...
WordPress 3.8.x < 3.8.37 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS vulnerability through post slugs. - An object injection vulnerability in some multisite installations. - A SQL injection vulnerability in...
WordPress 4.7.x < 4.7.22 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS vulnerability through post slugs. - An object injection vulnerability in some multisite installations. - A SQL injection vulnerability in...
Exploit for Code Injection in Gitlab
CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool This...
F5 Networks BIG-IP : OpenSSL vulnerability (K24624116)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K24624116 advisory. Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length...