
CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for the server and NmDistributed.DistributedClient.OnMessage for clients. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-502: Deserialization of Untrusted Data

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.7 | EPSS: 0% | CPEs: - | EXPL: 0

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. ... Successful exploitation enables an attacker to upload and execute malicious code on the victim's system, leading to Remote Code Execution (RCE). • https://huntr.com/bounties/9238e88a-a6ca-4915-9b5d-6cdb4148d3f4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 | EPSS: 5% | CPEs: 1 | EXPL: 1

In WhatsUp Gold versions released before 2023.1.3, there is an unauthenticated Remote Code Execution vulnerability in Progress WhatsUp Gold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://github.com/sinsinology/CVE-2024-4885 https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

In WhatsUp Gold versions released before 2023.1.3, there is an unauthenticated Remote Code Execution vulnerability in Progress WhatsUp Gold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'); CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection')