An identified vulnerability in ScreenConnect allows attackers to bypass string comparison in the request path and access the setup wizard ("/SetupWizard.aspx") on configured instances. Exploiting this vulnerability enables an attacker to create an administrative user and upload a malicious ScreenConnect extension, potentially leading to remote code execution (RCE) on the server.
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform remote code execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
A Java deserialization vulnerability and a blind XXE vulnerability allow unauthenticated remote attackers to execute system commands in Zoho ManageEngine ADAudit Plus.
This update fixes the module attack logic when launched in webapps RPT.
A path traversal vulnerability in SysAid on-prem allows unauthenticated remote attackers to upload arbitrary files to the system. This allows the upload of a malicious WAR file to the web server's root directory leading to the execution of OS system commands.
An AJP request smuggling vulnerability in the F5 BIG-IP Traffic Management User Interface (TMUI) allows unauthenticated remote attackers to create an administrative user and execute OS system commands in the context of the root user.
An authentication bypass vulnerability in JetBrains TeamCity allows unauthenticated remote attackers to execute system commands.
A .NET deserialization vulnerability in Progress WS_FTP Server allows unauthenticated remote attackers to execute system commands.
Unauthenticated OS command injection in the evictPublishedSupportBundles function of the ScriptUtils class of VMware Aria Operations for Networks (aka vRealize Network Insight).
A SQL injection vulnerability in Progress MOVEit Transfer allows unauthenticated remote attackers to execute system commands.