Exchange Server - Remote Code Execution

Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. id: CVE-2021-34473 info: name: Exchange Server - Remote Code Execution author: arcc,intx0x80,dwisiswant0,r3dg33k severity: critical description: | Microsoft...

Zoho ManageEngine Desktop Central - Remote Code Execution

Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. id: CVE-2021-44515 info: name: Zoho ManageEngine Desktop Central - Remote Code Execution author: Adam Crosser severity:...

Ivanti EPM Cloud Services Appliance Code Injection

Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...

GitLab CE/EE - Remote Code Execution

GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for...

Sitecore Experience Platform Pre-Auth RCE

Sitecore XP 7.5 to Sitecore XP 8.2 Update 7 is vulnerable to an insecure deserialization attack where remote commands can be executed by an attacker with no authentication or special configuration required. id: CVE-2021-42237 info: name: Sitecore Experience Platform Pre-Auth RCE author: pdteam...

WordPress Perfect Survey <1.5.2 - SQL Injection

Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection. id: CVE-2021-24762 info: name: WordPress Perfect Survey 1.5.2 - SQL...

Nagios XI 5.7.5 - Cross-Site Scripting

Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with th...

Apache Tapestry - Remote Code Execution

Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the...

Microsoft Open Management Infrastructure - Remote Code Execution

Microsoft Open Management Infrastructure is susceptible to remote code execution OMIGOD. id: CVE-2021-38647 info: name: Microsoft Open Management Infrastructure - Remote Code Execution author: daffainfo,xstp severity: critical description: Microsoft Open Management Infrastructure is susceptible t...

Node.JS System Information Library <5.3.1 - Remote Command Injection

Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...

Confluence Server - Remote Code Execution

Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...

VMware vSphere Client (HTML5) - Remote Code Execution

VMware vCenter vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Th...

Eclipse Jetty - Information Disclosure

Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive informatio...

Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution

Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. id: CVE-2021-40870 info: name: Aviatrix Controller 6.x before 6.5-1804.192...

Adminer <4.7.9 - Server-Side Request Forgery

Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized...

Apache Druid - Local File Inclusion

Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of t...

Microsoft Exchange - Authentication Bypass

Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability enables an attacker to bypass authentication and gain access to the Exchange Server's internal. id: CVE-2021-33766 info: name: Microsoft Exchange - Authentication Bypass author: daffainfo severity: high description...

Apache Struts2 S2-062 - Remote Code Execution

Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 S2-061 was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. id: CVE-2021-31805 info: name...

Microsoft Exchange Server SSRF Vulnerability

This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or...

Ivanti Avalanche 6.3.2 - Local File Inclusion

Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder. id: CVE-2021-30497 info: name: Ivanti Avalanche 6.3.2 - Local File Inclusion author: gy741 severity: high description: Ivanti Avalanch...

Zoho ManageEngine ServiceDesk Plus - Authentication Bypass

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. id: CVE-2021-37415 info: name: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass author: daffainfo,jjcho severity: critical description: | Zoho...

SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's modcgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...

XStream 1.4.18 - Remote Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

Apache Log4j2 Remote Code Injection

Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when...

Cisco HyperFlex HX Data Platform - Remote Command Execution

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1497 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...

Zoho ManageEngine ServiceDesk Plus - Remote Code Execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. id: CVE-2021-44077 info: name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution author: Adam Crosser,gy741...

Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests ca...

Atlassian Jira Limited - Local File Inclusion

Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. id: CVE-2021-26086 info: name: Atlassian Jira Limited - Local...

PHP CGI v5.3.12/5.4.2 Remote Code Execution

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

Axigen Mail Server Filename Directory Traversal

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName parameter in an edi...

TeamCity < 2023.11.4 - Authentication Bypass

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible id: CVE-2024-27198 info: name: TeamCity 2023.11.4 - Authentication Bypass author: DhiyaneshDk severity: critical description: | In JetBrains TeamCity before 2023.11.4 authentication bypass...

Ivanti EPM - Remote Code Execution

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK severity: critical description: | ...

Cisco IOS XE Web UI - Command Injection

A vulnerability in the web UI component of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system. This vulnerability is due to improper input validation in the web UI. An attacker could exploit...

Strapi Versions <=4.5.5 - SSTI to Remote Code Execution

Strapi through 4.5.5 allows authenticated Server-Side Template Injection SSTI that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses t...

Adobe ColdFusion - Deserialization of Untrusted Data

Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier and 2023u1 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-38203 info: name:...

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

NextGen Mirth Connect - Remote Code Execution

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability id: CVE-2023-37679 info: name: NextGen Mirth Connect - Remote Code Execution...

WordPress Sexy Contact Form (<= 0.9.7) - Arbitrary File Upload

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

Jenkins CLI - HTTP Java Deserialization

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. id: CVE-2016-9299 info: name: Jenkins CLI - HTTP Java Deserialization author:...

NETGEAR WNAP320 Access Point Firmware - Remote Command Injection

NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2016-1555 info: name: NETGEAR WNAP320 Access Point Firmware - Remote Command Injection author: gy741 severity: critical...

ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion

ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. dot dot in the fileName parameter to servlets/FetchFile. id: CVE-2016-6601 info: name: ZOHO WebNMS Framework 5.2 SP1 - Local File Inclusion author: 0xAkoko...

Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass

Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a sessionid cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. id: CVE-2016-7552...

NETGEAR Routers - Authentication Bypass

NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server. id: CVE-2017-5521 info: name: NETGEAR Routers - Authentication Bypass...

Apache Struts2 S2-053 - Remote Code Execution

Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. id: CVE-2017-9791 info: name: Apache Struts2 S2-053 - Remote Code Execution author: pikpikcu severity: critical description: | Apache...

WordPress PHPMailer < 5.2.18 - Remote Code Execution

WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property in isMail transport. id: CVE-2016-10033 info: name: WordPress PHPMailer 5.2.18 - Remote...

Intel Active Management - Authentication Bypass

Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology AMT and Intel Standard Manageability. A non-privileged local attacker can provision...

PhpColl 2.5.1 Arbitrary File Upload

PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/ via clients/editclient.php. id: CVE-2017-6090 info: name: PhpColl 2.5.1 Arbitrary File Uplo...

IBM WebSphere Java Object Deserialization - Remote Code Execution

IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector port 8880 by default. id: CVE-2015-7450 info: name: IBM WebSphere Java Object Deserialization - Remote Code Execution author: wdahlenb severity: critical description: IBM Websphere Applicatio...

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

ElasticSearch v1.1.1/1.2 RCE

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. Be aware this only violates the vendor's intended security policy if the user does not run...