The Angular-Base64-Upload library is vulnerable to Remote Code Execution (RCE) in versions prior to v0.1.21, such as version 0.1.20. An unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the target system. The vulnerability has been assigned CVE-2024-42640 with a severity rating of Critical (CVSS 10.0).
OpenPanel version 0.3.4 is vulnerable to an incorrect access control issue. An attacker can exploit this vulnerability by sending a crafted HTTP request to access unauthorized files or directories on the server.
An authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager API allows unauthorized access to a selected account. By exploiting this vulnerability, an attacker can add an SSH key to the authorized_keys file of the chosen account, enabling them to log in to the system with that account. Successful exploitation can lead to remote code execution.
The exploit allows for authenticated remote code execution in WBCE CMS version 1.6.3 and prior. It involves creating a malicious module .zip file that, when uploaded and installed through the admin page, triggers the execution of a shell script. This exploit was authored by Swammers8.
The Aztech DSL5005EN router/modem allows an attacker to change the admin password without authentication, by sending a crafted HTTP request to the 'sysAccess.asp' endpoint. This could lead to unauthorized access and control of the device.
An exploit in Artica Proxy 4.50 allows remote attackers to execute arbitrary code by uploading a malicious file. This vulnerability is identified as CVE-2024-2054.
Palo Alto Networks Expedition version 1.2.90.1 is vulnerable to an admin account takeover. By exploiting this vulnerability, an attacker can reset the admin password to 'paloalto' and gain access to the admin panel.
The exploit involves abusing MS Office URI schemes to fetch a document from a remote source. By invoking a specific URI scheme on a victim computer, an attacker can capture and relay the NTLMv2 hash over SMB and HTTP.
A stored cross-site scripting (XSS) vulnerability is found in ResidenceCMS 2.10.1. This vulnerability permits a user with low privileges to insert malicious HTML content as a stored XSS payload within property pages. When the affected property page is accessed by any user, including the administrator, the XSS payload gets executed.
The exploit allows an attacker to achieve Remote Code Execution (RCE) on Pymatgen 2024.1 by crafting a malicious CIF file with a reverse shell payload. By triggering the Pymatgen CIF parser to parse this file, an attacker can execute arbitrary commands on the target system.