2179 matches found
CVE-2024-37418
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server. This issue affects Church Admin: from n/a through 4.4.6...
CVE-2024-37424 WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server. This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37424
CVE-2024-37424 is an Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks (≤3.0.8) that allows uploading a web shell to the server. Root cause: unrestricted upload of dangerous file types. Impact: high (web shell can grant full control). Status: patched in v...
CVE-2024-37420 WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server. This issue affects Zita Elementor Site Library: from n/a through 1.6.1...
CVE-2024-37418
CVE-2024-37418 is an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Church Admin (affected up to 4.4.6). The issue allows uploading a web shell to the web server and is rated critical (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H; base score 9.9). Public sources in the c...
PT-2024-27541 · Automattic · Newspack Blocks
Name of the Vulnerable Software and Affected Versions: Automattic Newspack Blocks versions 3.0.8 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions 3.0.8 and...
PT-2024-27538 · Unknown · Zita Elementor Site Library
Name of the Vulnerable Software and Affected Versions: Zita Elementor Site Library versions 1.6.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server. This could be exploited by uploadi...
Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms
Chamilo-LMS-CVE-2023-4220-Exploit This is an Exploit for Unres...
RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name...
AEGON LIFE 1.0 Remote Code Execution
Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...
Backdrop CMS 1.27.1 - Remote Command Execution Exploit
Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os import time import...
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion
The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
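hacktheboxoscp Introduction: OSCP-style target machines from hackthebox, worked through while preparing for the OSCP exam. Because the OSCP exam content changed and now includes domain penetration, the vulnstack labs published by Hongri (红日) are covered as well. New: endgame, fortresses and open beta season, matching the corresponding HTB sections; these were done as extra practice outside the OSCP-style machine list. Machine summaries: hackthebox lame: lame, the vsftpd smiley-face vulnerability is a smokescreen, the samba service vulnerability is the real culprit. legacy: ms08-067, but the machine is a bit faulty; apart from the first attempt, the port could not be reached afterwards. blue: blue, very similar; modify the named pipe and run ms17-010 by hand. Devel: Devel, very similar...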
Exploit for Unrestricted Upload of File with Dangerous Type in Cubecart
Arbitrary File Upload Leads to RCE CVE-2024-33438 CubeCart &...
CVE-2023-31090
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows Upload a Web Shell to a Web Server. This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5....
CVE-2023-31090 WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows Upload a Web Shell to a Web Server. This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5....
CVE-2023-31090
CVE-2023-31090 affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates) up to version 1.5.60. The issue is described as an Unrestricted Zip Extraction vulnerability, enabling potential code execution/unauthorized access via crafted ZIP handling. Patchstack notes fix in 1.5.61; P...