A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled endpoints. The SQL injection vulnerability is due to user controller strings which can be sent directly into database queries. FcmDaemon.exe is the main service responsible for communicating with enrolled clients. By default it listens on port 8013 and communicates with FCTDas.exe which is responsible for translating requests and sending them to the database. In the message header of a specific request sent between the two services, the FCTUID parameter is vulnerable to SQL injection. It can be used to enable the xp_cmdshell which can then be used to obtain unauthenticated remote code execution in the context of NT AUTHORITY\SYSTEM. Upgrading to either 7.2.3, 7.0.11 or above is recommended by FortiNet. It should be noted that in order to be vulnerable, at least one endpoint needs to be enrolled / managed by FortiClient EMS for the necessary vulnerable services to be available.
5dc08a7c993a962915dd2867b371b86d2696d585975c16dd1ce9c50691286b53
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10.
b8273beeca3962657f6a9b1d3bfeafcc468090839b20a36ae8bb674024aa42ce
This Metasploit module creates a vsix file which can be installed in Visual Studio Code as an extension. At activation/install, the extension will execute a shell or two. Tested against VSCode 1.87.2 on Ubuntu 22.04.
e6880eb05602e6f92b535b42014f6031b0323eada13388a7f9aab0f3804a2789
A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems. The insecure deserialization vulnerability in Gambio poses a significant risk to affected systems. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.
b039dd6352f7639972110e6885da153c2438aa56b1f4c40dc395f737607363b4
This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry collection on (default). Multiple versions are affected. Payloads may take up to one hour to execute, depending on how often the telemetry service is set to run.
9c69f9786e45a27c7e5254838feb1083b7180cc983336792158dcfa2db1cdf80
Palo Alto PAN-OS versions prior to 11.1.2-h3 command injection and arbitrary file creation exploit.
594b68c209a4adfbc7ba9577a8a4aeb75c0f92fd1d23ee6c6e97dbda9ba864a9
LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.
cd29b75f4fc26669967838b2cacc350651afd70ebc41fa183a818a2044008a19
Dreamehome versions 2.1.5 and below suffer from multiple broken authorization vulnerabilities.
f291cbc3f68d107ef35eadc6c79ee93bf58cbd9ccdc054011afb7d62bc9754e1
SofaWiki version 3.9.2 suffers from a remote shell upload vulnerability.
0f96734c2d9102385c242ff25bcaeda5c50413756e19e450e1bcbfe8ae166734
Laravel Framework version 11 suffers from a credential disclosure vulnerability.
0f46b7fe0d34dd07e9a8db63a2302513bdef1017e3780ffff315cee267f96243
FlatPress version 1.3 suffers from a remote shell upload vulnerability.
95b37bcd0ee004b10ed07d1d5449e20f0b6c896143d3d34e105388324e4c71e6
MindManager suffers from a local privilege escalation vulnerability via MSI installer Repair Mode.
ab9b32a15211295bcafeec5242eb488f9dfcc8f2e3a1d0f8296e98ddcd9286e5
WordPress Background Image Cropper plugin version 1.2 suffers from a remote shell upload vulnerability.
7fde3f2c891e83214995aac3e02a1bffb22561963731277fa9a9d738f179af92
Flowise version 1.6.5 suffers from an authentication bypass vulnerability.
3e1f90eb3e5b1062684116e0ad3ee800ad56cd0568e9f1d337614220c32d8dba
Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution.
dc9ebb411726c774da4987d54d2ba2f224359e747d24c55618c19978e8b73e8a
Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
1f4ca9c99499e4b0297302a26037d992679a7eb1d2c0d0b3b0698bafec7a14cc
Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.suffers from a bypass vulnerability.
a8be311ea8bd5716cfaf9d9ff03921fd4ed851241b2631c9ed01cc72407d6cd5
Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
732e89c4d7c762b1e07463f187d3f8108448d799f0b2758484573c4b30793c25
Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
83741fb5f4f7b681078f0f0aabdad5e51a82d40ac4c86d1cf8609032649927cb
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
67d45ea700951600af178d1f85ea7278844c202822bf7c0658dfaf91b222e908
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
c2417b5039d600504ceb0e6c879a84ed9fa871b7b6f5e5cc38ae49fcdd200170
Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
77061cc166718763551c4d6d463e2cbc76a772e04ed4a0acfdf893965b4476cb
Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
055664930200e432744c2fe93d040213de69b2cc7bd67a68df70afa259bd9b24
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
a259836c2010557736c6c674d0ca15f441385152927583f06374e38fb067306f
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
9ceffe5b49bd3badfd5ead7c79b69103e029d8dd57cc256606f884dc51678833