Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2022-4395

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

CVE
Open in Source
#wordpress#php#rce#auth
Debian Security Advisory 5332-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

Critical Realtek Vulnerability Impacting IoT Devices Worldwide

By Deeba Ahmed This is a critical vulnerability affecting almost 190 models of devices from 66 different manufacturers. This is a post from HackRead.com Read the original post: Critical Realtek Vulnerability Impacting IoT Devices Worldwide

Realtek Vulnerability Under Attack: 134 Million Attempts in 2 Months to Hack IoT Devices

Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the attacks

GHSA-mf6x-hrgr-658f: Eta vulnerable to Code Injection via templates rendered with user-defined data

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.

CVE-2022-48116: AyaCMS v3.1.2 has RCE vulnerability · Issue #10 · loadream/AyaCMS

AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.

CVE-2021-41144: Fix for authenticated remote code execution through layout update

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

CVE-2021-41143: Release v19.4.22 · OpenMage/magento-lts

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

CVE-2022-48008: GitHub - Sakura-501/LimeSurvey-5.4.15-PluginUploadtoRCE: In LimeSurvey5.4.15, it has a vulnerability in index.php/admin/pluginmanager which can lead to RCE

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.