An authentication bypass and a .NET deserialization vulnerability allow unauthenticated remote attackers to execute system commands in Progress Telerik Report Server.
In PHP, when using Apache and PHP-CGI on Windows, and if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow remote attackers to pass options to the PHP binary being run, leading to the execution of system commands in the context of the affected application.
An identified vulnerability in ScreenConnect allows attackers to bypass string comparison in the request path and access the setup wizard ("/SetupWizard.aspx") on configured instances. Exploiting this vulnerability enables an attacker to create an administrative user and upload a malicious ScreenConnect extension, potentially leading to remote code execution (RCE) on the server.
An authentication bypass vulnerability in JetBrains TeamCity allows unauthenticated remote attackers to execute OS system commands.
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform remote code execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
A Java deserialization vulnerability and a blind XXE vulnerability allow unauthenticated remote attackers to execute system commands in Zoho ManageEngine ADAudit Plus.
This update fixes the module attack logic when launched in webapps RPT.
A path traversal vulnerability in SysAid on-prem allows unauthenticated remote attackers to upload arbitrary files to the system. This allows the upload of a malicious WAR file to the web server's root directory leading to the execution of OS system commands.
An AJP request smuggling vulnerability present in F5 BIG-IP Traffic Management User Interface (TMUI) allows unauthenticated remote attackers to create an administrative user and execute OS system commands in the context of the root user.
An authentication bypass vulnerability in JetBrains TeamCity allows unauthenticated remote attackers to execute system commands.
A .NET deserialization vulnerability in Progress WS_FTP Server allows unauthenticated remote attackers to execute system commands.