Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

UliCMS 2023-1 Sniffing-Vicuna Shell Upload

UliCMS version 2023-1 Sniffing-Vicuna suffers from a remote shell upload vulnerability.

Packet Storm
Open in Source
#csrf#vulnerability#web#windows#apple#linux#java#php#rce#auth#chrome#webkit
File Thingie 2.5.7 Shell Upload

File Thingie version 2.5.7 remote shell upload exploit. This exploit is based on the vulnerability priorly discovered by Cakes in September of 2019.

Wolf CMS 0.8.3.1 Shell Upload

Wolf CMS version 0.8.3.1 suffers from a remote shell upload vulnerability.

EasyPHP Webserver 14.1 Path Traversal / Remote Code Execution

EasyPHP Webserver version 14.1 suffers from remote code execution and path traversal vulnerabilities.

CVE-2023-2535: Security Advisories | KNIME

Sensitive information exposure in the Web Frontend of KNIME Business Hub until 1.X allows an unauthenticated attacker to extract information about the system. By making a request to a non-existent URL the system will sensitive information to the caller such as internal IP addresses, hostnames, Istio metadata, internal file paths and more. The problem is fixed in KNIME Business Hub 1.xxx. There is no workaround for previous versions.

CVE-2023-30135: Tenda/8.md at main · DrizzlingSun/Tenda

Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.

CVE-2023-2523: cve/Weaver.md at main · RCEraser/cve

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Red Hat Security Advisory 2023-2097-03

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.

Red Hat Security Advisory 2023-2100-01

Red Hat Security Advisory 2023-2100-01 - This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include bypass, code execution, cross site scripting, denial of service, man-in-the-middle, memory exhaustion, resource exhaustion, and traversal vulnerabilities.

CVE-2023-24958: IBM TS7700 Management Interface command injection CVE-2023-24958 Vulnerability Report

A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320.