A Remote Code Execution (RCE) vulnerability was found in the DICOM file import process of InVesalius 3. This vulnerability affects versions 3.1.99991 to 3.1.99998. By utilizing a specially crafted DICOM file, an attacker can execute arbitrary code on the victim's system.
WBCE CMS version 1.6.2 allows remote attackers to execute arbitrary code via a crafted request. By uploading a malicious file, an attacker can execute commands on the server remotely.
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary code via crafted PHP code in a .chunk.php file.
A vulnerability was found in ASUS ASMB8 iKVM firmware version 1.14.51 and possibly others, allowing for Remote Code Execution (RCE) via SNMP arbitrary extensions. By exploiting this vulnerability, an attacker can run commands on the system with root privileges and introduce a new user to bypass SSH restrictions. Additionally, a hardcoded account 'sysadmin:superuser' was discovered. The vulnerability is identified as CVE-2023-26602.
Akaunting version 3.1.8 is vulnerable to Server-Side Template Injection (SSTI), in which an attacker can inject a payload such as {{7*7}} into various input fields, resulting in arbitrary code execution.
An authenticated remote code execution vulnerability exists in ElkArte Forum version 1.1.9. By uploading a malicious PHP file via the theme installation feature, an attacker can execute arbitrary commands on the server, leading to a compromise of the system.
A vulnerability in the WordPress plugin Background Image Cropper v1.2 allows remote attackers to execute arbitrary code on the target system. By uploading a malicious PHP file, an attacker can run commands on the server remotely. This vulnerability has a CVE ID pending assignment.
A vulnerability in Atlassian Confluence allows remote attackers to execute arbitrary code on affected servers. An attacker can exploit this issue by sending a specially crafted payload to the '/template/aui/text-inline.vm' endpoint. This vulnerability is identified as CVE-2023-22527.
Gibbon LMS v26.0.00 is vulnerable to Server-Side Template Injection (SSTI) due to improper handling of user-supplied input in the login.php file. An attacker can exploit this vulnerability to execute arbitrary code on the server, leading to remote code execution.
Winter CMS version 1.2.2 is vulnerable to Server-Side Template Injection (SSTI) when an authenticated user injects malicious payloads via the CMS Pages field. This allows an attacker to execute arbitrary code and potentially take control of the server.