An improper input validation vulnerability in Magento Open Source and Adobe Commerce allows unauthenticated remote attackers with network access via HTTP to achieve session takeover and unauthenticated remote code execution under certain conditions.
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration) allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing.
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
An authenticated PHP object deserialization vulnerability in Roundcube Webmail allows authenticated remote attackers to execute OS system commands.
Veeam Backup and Replication deserialization of Veeam.Backup.EsxManager.xmlFrameworkDs .NET class type allows authenticated remote attackers to execute system commands in the context of the NT AUTHORITY\SYSTEM user.
Enhance identity management in exploits.
- Linked created identities in the Module Output: Added a reference to the created identity in the Module Output.
- Added "Validated" and "Validated in" properties to identities: Ensured that created identities include Validated=True and are associated with the target ("Validated in") where they were verified.
Ivanti Connect Secure contains a stack-based buffer overflow that allows unauthenticated remote attackers to execute system commands in the context of the nr user.
The CVE-2024-24401 vulnerability in Nagios XI version 2024R1.01 allows a remote attacker to execute arbitrary code through an SQL injection in the monitoringwizard.php component. Successful exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the affected system. The CVE-2024-24402 vulnerability affects Nagios XI version 2024R1.01, enabling a remote attacker to escalate privileges via a crafted script targeting the /usr/local/nagios/bin/npcd component. This flaw could allow unauthorized attackers to gain elevated privileges on affected systems, compromising the integrity and security of the Nagios XI monitoring system and connected infrastructure.
CVE-2023-43208 stems from an insecure data deserialization process in Mirth Connect's use of the XStream library, which improperly processes untrusted XML payloads. This deserialization flaw enables us to exploit the system by sending crafted XML requests to execute code remotely on the server.
A chain of vulnerabilities in cups-browsed, libcupsfilters, libppd and cups-filters allows unauthenticated remote attackers to execute system commands.