A Java unsafe reflection vulnerability in the Gremlin scripting feature of Apache HugeGraph allows remote attackers to execute system commands in the context of the affected application.
The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. This update adds support for Linux and improves documentation.
The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
An OGNL injection vulnerability in Atlassian Confluence allows unauthenticated remote attackers to execute OS system commands.
The vulnerability allows an unauthenticated attacker to register as an administrator and take full control of the website. The problem occurs with the plugin registration form. In this form it's possible to change certain values for the account to be registered. This includes the "wp_capabilities" value, which determines the user's role on the website. This update adds a print in the module output window.
The vulnerability allows an unauthenticated attacker to register as an administrator and take full control of the website. The problem occurs with the plugin registration form. In this form it's possible to change certain values for the account to be registered. This includes the "wp_capabilities" value, which determines the user's role on the website.
A Java deserialization vulnerability in Apache ActiveMQ allows unauthenticated remote attackers to execute system commands via the OpenWire protocol.
A Java deserialization vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Logs in the context of the root user account.
A vulnerability in the Backup Service of Veeam Backup and Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
This update adds a module that checks the vulnerability and retrieves all the credentials and another module to deploy an agent.
This module exploits an information disclosure vulnerability, a remote file download vulnerability and a directory traversal vulnerability in VMware vRealize Log Insight to deploy an agent with root privileges.