4143 matches found
WordPress wpDiscuz <=7.0.4 - Remote Code Execution
WordPress wpDiscuz plugin versions version 7.0 through 7.0.4 are susceptible to remote code execution. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server. id: CVE-2020-24186 info: nam...
Fuel CMS 1.4.7 - SQL Injection
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. id: CVE-2020-17463 info: name: Fuel CMS 1.4.7 - SQL Injection author: Thirukrishnan severity: critical description: | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to...
Apache HTTP Server - Remote Code Execution
Apache HTTP Server 2.4.32 to 2.4.44 contains an info disclosure and possible remote code execution caused by a vulnerability in modproxyuwsgi, letting remote attackers access sensitive information and potentially execute arbitrary code, exploit requires sending crafted requests. id: CVE-2020-1198...
FOSSBilling - Server-Side Template Injection
A Server-Side Template Injection SSTI vulnerability exists in FOSSBilling's template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custom payment adapters, and the stringrender API endpoint can inject arbitrary Twig...
WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. i...
TP-Link Archer C20 - Authentication Bypass
A vulnerability in the TP-Link Archer C20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass authentication on interfaces under the /cgi directory. When adding a Referer header with value "http://tplinkwifi.net" to requests, the router will recognize th...
Ulterius Server < 1.9.5.0 - Directory Traversal
Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs. id: CVE-2017-16806 info: name: Ulterius Server 1.9.5.0 - Directory Traversal author: geeknik severity: high description: Ulterius Server before 1.9.5.0 allow...
nostromo 1.9.6 - Remote Code Execution
nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function httpverify. id: CVE-2019-16278 info: name: nostromo 1.9.6 - Remote Code Execution author: pikpikcu severity: critical description: nostromo nhttpd through 1.9.6 allows an...
Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. id: CVE-2018-1000600...
GeoServer <1.2.2 - Remote Code Execution
Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22. id:...
WordPress Realtyna Organic IDX Plugin <= 4.14.4 - SQL Injection
The Realtyna Organic IDX plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
GLPI <=10.0.2 - Remote Command Execution
GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. id: CVE-2022-35914 info: name: GLPI =10.0.2 - Remote Command Execution author: For3stCo1d,allendemoura severity: critical description: | GLPI through 10.0...
EyesOfNetwork - Hardcoded API Key
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token. id: CVE-2020-8657 info: name:...
Primetek Primefaces 5.x - Remote Code Execution
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution. id: CVE-2017-1000486 info: name: Primetek Primefaces 5.x - Remote Code Execution author: Moritz Nentwig severity: critical description: Primetek Primefaces 5.x is vulnerable to a weak encryption fl...
Progress Kemp LoadMaster - Command Injection
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. id: CVE-2024-1212 info: name: Progress Kemp LoadMaster - Command Injection author: DhiyaneshDK severity: critical description: | Unauthenticated remote...
Zimbra Collaboration - Unrestricted File Upload
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
Agentejo Cockpit < 0.11.2 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value. id: CVE-2020-35846 info: name: Agentejo Cockpit 0.11.2 - NoSQL Injection author: dwisiswant0 severity: critic...
CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution
CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information,...
Eclipse Jetty - Information Disclosure
Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive informatio...
Apache Struts2 S2-057 - Remote Code Execution
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...
SPIP - Remote Command Execution
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. id: CVE-2023-27372 info: name: SPIP - Remote Command Execution author: DhiyaneshDK,nuts7 severity: critical description: ...
SAP Memory Pipes (MPI) Desynchronization
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This...
SysAid Server - Remote Code Execution
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. id: CVE-2023-47246 info: name: SysAid Server - Remote Code Execution author: iamnoooob,rootxharsh,pdresearc...
dotCMS Core Publish Audit API - Unauthenticated SQL Injection
dotCMS Core 25.11.04-1 through 26.04.28-02 contains an SQL injection caused by unsanitized input in Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll, letting remote unauthenticated attackers read, modify, or destroy arbitrary database content, exploit requires ...
WP Time Capsule Plugin - Remote Code Execution
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticat...
XWiki < 4.10.20 - Remote code execution
XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...
Cleo Harmony < 5.8.0.24 - File Upload Vulnerability
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. id: CVE-2024-55956 info: name: Cleo Harmony...
WhatsUp Gold HasErrors SQL Injection - Authentication Bypass
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6670 info: name: WhatsUp Gold HasErrors SQL Injection - Authentication Bypass author: DhiyaneshDK,princechaddha severity:...
Skype for Business 2019 (SfB) - Blind Server-side Request Forgery
Skype Pre-Auth Server-side Request Forgery SSRF vulnerability id: CVE-2023-41763 info: name: Skype for Business 2019 SfB - Blind Server-side Request Forgery author: hateshape severity: medium description: | Skype Pre-Auth Server-side Request Forgery SSRF vulnerability impact: | Unauthenticated...
OctoberCMS - Account Takeover
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. id:...
Apache Struts 2.0.0-2.5.25 - Remote Code Execution
Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it. id: CVE-2020-17530 info: name: Apache Struts 2.0.0-2.5.25 - Remote Code Execution author: pikpikcu severity: critical...
DotCMS - Arbitrary File Upload
DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions. id: CVE-2022-26352 info: name: DotCMS - Arbitrary File Upload author: h1ei1 severity: critical description: DotCM...
Oracle Business Intelligence/XML Publisher - XML External Entity Injection
Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack. id: CVE-2019-2616 info: name: Oracle Business Intelligence/XML Publisher - XML External Entity Injection author: pdteam severity: high description: Oracle...
Apache Solr <=8.3.1 - Remote Code Execution
Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable,...
Apache Axis2 Default Login
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. id: CVE-2010-02...
Zoho ManageEngine OpManger - Arbitrary File Read
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request. id: CVE-2020-12116 info: name: Zoho ManageEngine OpManger - Arbitrary File Read author:...
ZyXel USG - Hardcoded Credentials
A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. id: CVE-2020-29583 info: name: ZyXel USG - Hardcoded Credentials autho...
WS_FTP Server - Insecure Deserialization
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. id: CVE-2023-40044 info: name: WSFTP Server - Insecure...
Intel Active Management - Authentication Bypass
Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology AMT and Intel Standard Manageability. A non-privileged local attacker can provision...
Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...
Adobe Commerce (Magento) - Remote Code Execution
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. id: CVE-2022-24086 info: name:...
Ingress-Nginx Controller - Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
CraftCMS - Remote Code Execution
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...
Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution
Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. id: CVE-2021-40539 info: name: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution author:...
Apache Struts 2 - Remote Command Execution
Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a...
Majordomo2 - SMTP/HTTP Directory Traversal
A directory traversal vulnerability in the listfileget function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. dot dot sequences in the help command, as demonstrated using 1 a crafted email and 2 cgi-bin/mjwwwusr in the web interface. id:...
Apache OFBiz - Remote Code Execution
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server id: CVE-2024-45507 info: name: Apache OFBiz -...
Apache Struts2 S2-052 - Remote Code Execution
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type of filtering, which can lead to remote code execution when deserializing XML payloads. id: CVE-2017-9805 info: name:...
Apache OFBiz - Improper Authorization & Remote Code Execution
Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...
Openfire Administration Console - Authentication Bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...