This vulnerability allows unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.
A vulnerability in the File Manager (wp-file-manager) plugin for WordPress, version 6.0 to 6.8, allows unauthenticated remote attackers to upload and execute arbitrary PHP code because.
The root cause is an unsafe renaming of an example elFinder connector file with the php extension.
Successful exploitation of this vulnerability allows attackers to write PHP files to the wp-content/plugins/wp-file-manager/lib/files/ directory of WordPress.
An authenticated JNDI injection vulnerability in Oracle WebLogic Server allows attackers to execute a Java class file to gain arbitrary code execution on the affected system.
This exploit leverages a vulnerability in Pulse Secure which allows an unauthenticated remote attacker to send a specially crafted URI to perform an arbitrary file read.
A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
Oracle WebLogic Server is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands.
By exploiting known methods, it is possible to remotely instantiate several Java classes that allow the execution of system commands.
This update improves code readability and adds a bypass for CVE-2020-14750.
Oracle WebLogic Server is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands.
By exploiting known methods, it is possible to remotely instantiate several Java classes that allow the execution of system commands.
An unauthenticated Java deserialization vulnerability via the T3 protocol in Oracle WebLogic Server allows an attacker to upload and execute a Java class file to gain arbitrary code execution on the affected system.
This update adds XML tags to prevent pivoting.
An unauthenticated Java deserialization vulnerability via the T3 protocol in Oracle WebLogic Server allows an attacker to upload and execute a Java class file to gain arbitrary code execution on the affected system.
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence.