A Remote Code Execution (RCE) vulnerability was found in the DICOM file import process of Invesalius 3. This vulnerability affects versions 3.1.99991 to 3.1.99998. By utilizing a specially crafted DICOM file, an attacker can execute arbitrary code on the victim's system.
The Serendipity 2.5.0 allows remote attackers to execute arbitrary code via crafted input in a filename parameter in a serendipity_admin.php mediaFileUpload action. This vulnerability was discovered by Ahmet Ümit BAYRAM on 26.04.2024.
The Dotclear version 2.29 is vulnerable to remote code execution (RCE) due to improper input validation. An attacker can exploit this vulnerability to upload and execute malicious scripts on the server, leading to unauthorized access and control over the system. This vulnerability has been discovered by Ahmet Ümit BAYRAM on 26.04.2024.
The WBCE CMS version 1.6.2 allows remote attackers to execute arbitrary code via a crafted request. By uploading a malicious file, an attacker can execute commands on the server remotely.
The appRain CMF 4.0.5 allows remote attackers to execute arbitrary code via an authenticated user uploading a crafted file containing PHP code.
The Monstra CMS 3.0.4 allows remote attackers to execute arbitrary code via crafted PHP code in a .chunk.php file.
The FreePBX versions 14, 15, and 16 are vulnerable to an Authenticated Remote Code Execution (RCE) exploit. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system. This exploit allows an attacker to execute commands on the target system, potentially leading to a full compromise.
An authenticated remote code execution vulnerability exists in ElkArte Forum version 1.1.9. By uploading a malicious PHP file via the theme installation feature, an attacker can execute arbitrary commands on the server, leading to a compromise of the system.
The vulnerability allows remote attackers to execute arbitrary code on the affected Atlassian Confluence servers. By sending a specially crafted payload to the '/template/aui/text-inline.vm' endpoint, an attacker can exploit this issue. This vulnerability is identified as CVE-2023-22527.
The vulnerability allows for pre-authenticated Remote Code Execution (RCE) on Compuware iStrobe Web version 20.13. By exploiting this vulnerability, an attacker can upload a webshell through a web upload form, utilizing path traversal and arbitrary file upload (.jsp files). The specific vulnerable parameter is 'fileName' which can be manipulated to upload a webshell.