Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE
#sql#xss#vulnerability#web#ios#android#mac#windows#google#microsoft#linux#cisco#dos#js#git#java#intel#rce#perl#pdf#buffer_overflow#auth#ibm#zero_day#firefox#wifi#ssl
CVE-2022-30450

A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php

CVE-2022-30450

A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php

CVE-2022-30453

ShopWind <= 3.4.2 has a RCE vulnerability in Database.php

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier. Successful execution of this module results in a reverse root shell. A custom payload is used as Metasploit does not have ARMLE null free shellcode. This vulnerability was presented by the Flashback Team in Pwn2Own Austin 2021 and OffensiveCon 2022. For more information check the referenced advisory. This module has been tested in firmware versions 1.0.03.15 and above and works with around 65% reliability. The service restarts automatically so you can keep trying until you pwn it. Only the RV340 router was tested, but other RV series routers should work out of the box.

Ruijie Reyee Mesh Router Remote Code Execution

Ruijie Reyee mesh routers with ReyeeOS version 1.55.1915 EW_3.0(1)B11P35 and EW_3.0(1)B11P55 suffer from a remote code execution vulnerability.

CVE-2021-34605: Code Execution Vulnerabilities Found in XINJE PLC Application

A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool.

CVE-2021-34605: Code Execution Vulnerabilities Found in XINJE PLC Application

A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool.

Update now! Microsoft releases patches, including one for actively exploited zero-day

May's Patch Tuesday includes one actively exploited zero-day vulnerability and some other interesting ones. The post Update now! Microsoft releases patches, including one for actively exploited zero-day appeared first on Malwarebytes Labs.

CVE-2022-29318: Car Rental Management System Unrestricted File Upload + Remote Code Execution

An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.