CVE-2024-24576-Poc-Python: A quick POC for the vulnerability disclosed here: https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/ After you run the script it will a ...
April 10, 2024
Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file con ...
April 10, 2024
Overview: Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows enviro ...
April 10, 2024
Summary: The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and stil ...
April 10, 2024
Impact: When the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user ...
April 10, 2024
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versi ...
April 10, 2024
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions >= 3.0.0. The vulnera ...
April 10, 2024