Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-36548: RCE (Remote Code Execution via Theme Blog Monstra version 3.0.4) · Issue #470 · monstra-cms/monstra

A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.

CVE
#vulnerability

Related news

CVE-2020-26707: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter.

CVE-2020-36379: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36378: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36381: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36377: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36376: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2020-36380: Remote Code Execution(RCE) via insecure command formatting · Issue #2 · shenzhim/aaptjs

An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

CVE-2021-36547: Remote Code Execution via File in Mara version 7.5 · Issue #1 · r0ck3t1973/RCE

A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.

CVE-2021-26610: KrCERT/CC - KISA 인터넷 보호나라&KrCERT

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.

CVE-2021-39887: HackerOne

A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.

CVE-2021-39885: HackerOne

A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names

CVE-2021-33679:

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity.

CVE-2020-7832: KrCERT/CC - KISA 인터넷 보호나라&KrCERT

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)

CVE-2019-17326: KrCERT/CC - KISA 인터넷 보호나라&KrCERT

ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

CVE-2019-17322: KrCERT/CC - KISA 인터넷 보호나라&KrCERT

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907