Tag

#rce

BrainyCP 1.0 Remote Code Execution

BrainyCP version 1.0 suffers from a remote code execution vulnerability.

Packet Storm
#vulnerability#linux#php#rce#auth
Online Computer And Laptop Store 1.0 Shell Upload

Online Computer And Laptop Store version 1.0 suffers from a remote shell upload vulnerability.

Goanywhere Encryption Helper 7.1.1 Remote Code Execution

Goanywhere Encryption Helper version 7.1.1 suffers from a remote code execution vulnerability.

dotclear 2.25.3 Shell Upload

dotclear version 2.25.3 suffers from a remote shell upload vulnerability.

CVE-2023-1381

The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.

CVE-2023-1406

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.

GHSA-rrhf-32rq-f28h: Apache Linkis DatasourceManager module has deserialization vulnerability

In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their version of Linkis to version 1.3.2.

GHSA-qm2h-m799-86rc: Apache Linkis JDBC EngineConn has deserialization vulnerability

In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious MySQL JDBC parameters in the JDBC EngineConn module will trigger a deserialization vulnerability, eventually leading to remote code execution. Therefore, the parameters in the MySQL JDBC URL should be blacklisted. Users should upgrade their version of Linkis to version 1.3.2.

CVE-2023-27603

In Apache Linkis <=1.3.1, the Manager module's engineConn material upload does not check the zip path. This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.

CVE-2023-29216

In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.