Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2022-36216: Vulnerability/member_toadmin.poc.md at main · whitehatl/Vulnerability

DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.

CVE
Open in Source
#csrf#vulnerability#web#js#php#rce
CVE-2022-35516: Vulnerability/Login.poc.md at main · whitehatl/Vulnerability

DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.

CVE-2022-36215: Vulnerability/sys_info.poc.md at main · whitehatl/Vulnerability

DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php.

CVE-2022-2870: Laravel5.1 Unserialize RCE · Issue #2 · beicheng-maker/vulns

A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability.

'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections

The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip.

CVE-2022-1410: A Red Team Perspective on the Device42 Asset Management Appliance

OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions.

Windows Vulnerability Could Crack DC Server Credentials Open

The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.

Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution

Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered three vulnerabilities in a library that works with the HDF5 file format that could allow an attacker to execute remote code on a targeted device.  These issues arise in the libhdf5 gif2h5 tool that’s normally used to convert a GIF file to the HDF5 format, commonly used to store large amounts of numerical data. An attacker could exploit these vulnerabilities by tricking a user into opening a specially crafted, malicious file. TALOS-2022-1485 (CVE-2022-25972) and TALOS-2022-1486 (CVE-2022-25942) are out-of-bounds write vulnerabilities in the gif2h5 tool that trigger a specific crash, opening the door for code execution from the adversary. TALOS-2022-1487 (CVE-2022-26061) works similarly but is a heap-based buffer overflow vulnerability.  Cisco Talos is disclosing these vulnerabilities despite no official fix from HDF5 in adherence to the 90-day deadline outlined in Cisco...

CVE-2022-38368: PSIRT Advisories — aviatrix_docs documentation

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

CVE-2020-21642: ManageEngine Analytics Plus | Release Notes

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.