Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.

Threatpost
Open in Source
#vulnerability#google#microsoft#git#rce#auth
CVE-2021-41739: Artica Proxy 4.30 cyrus.events.php RCE - rootless - Medium

A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability

Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is CVE-2022-1388, which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a lack of

CVE-2022-20753: Cisco Security Advisory: Cisco Small Business RV Series Routers Remote Code Execution Vulnerability

A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.

CVE-2022-28940: 0day/新华三magicR100存在DOS攻击漏洞分析.md at main · zhefox/0day

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.

CVE-2022-28940: 0day/新华三magicR100存在DOS攻击漏洞分析.md at main · zhefox/0day

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.

CVE-2022-28096: Remote code execution vulnerability in /SkycaijiApp/admin/controller/Develop.php · Issue #39 · zorlan/skycaiji

Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.

Critical RCE Bug Reported in dotCMS Content Management Software

A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and "used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses." The critical flaw, tracked as CVE-2022-26352, stems from a directory traversal attack when performing file uploads, enabling an