Summary: Any pyload-ng instance running under Python 3.11 or below is vulnerable to RCE. An attacker can send a request containing any shell command and the victim server will execute it immediately. Details js ...
September 09, 2024
An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente...
September 09, 2024
Server-Side Request Forgery in the federated sharing API may allow an unauthenticated attacker to identify internal servers. Furthermore, due to improper timeout handling the server could be affected by a ...
September 09, 2024
Improper handling of CSRF protection in the diagnostics app, in combination with the SameSite-Cookie setting being set to None, allows cross-site invocation of an admin...
September 09, 2024
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on ...
September 09, 2024
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulner ...
September 09, 2024