CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Combined with SQL injection vulnerabilities, remote code execution can be achieved. • https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Prior to version 1.2.27, a SQL injection vulnerability in the `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to perform privilege escalation and remote code execution. • https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717 https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856 https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886 https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 4

Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. ... This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. ... Cacti versions prior to 1.2.27 suffer from an arbitrary file write vulnerability that allows for remote code execution. • https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26 https://github.com/5ma1l/CVE-2024-25641 https://github.com/thisisveryfunny/CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 https://github.com/Safarchand/CVE-2024-25641 http://seclists.org/fulldisclosure/2024/May/6 https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210 https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88 https://lists.fedoraproject.org/archives/li • CWE-20: Improper Input Validation •

CVSS: 9.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. • https://www.veeam.com/kb4575 • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/nastar-id/CVE-2024-32700 https://patchstack.com/database/vulnerability/chatbot-chatgpt/wordpress-kognetiks-chatbot-for-wordpress-plugin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •