vidura2

4 exploits Active since Oct 2023
CVE-2024-46986 NOMISEC CRITICAL WORKING POC
Camaleon CMS < 2.8.2 - Authenticated Arbitrary File Write via MediaController Upload
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2 stars
CVSS 9.9
CVE-2024-46377 NOMISEC CRITICAL WORKING POC
Best House Rental Management System 1.0 - Arbitrary File Upload via save_settings() Function
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.
2 stars
CVSS 9.8
CVE-2024-46451 NOMISEC CRITICAL WORKING POC
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 - Buffer Overflow in setWiFiAclRules via desc Parameter
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
2 stars
CVSS 9.8
CVE-2023-46747 NOMISEC CRITICAL WORKING POC
F5 BIG-IP 13.1.0-13.1.4 - Unauthenticated Remote Command Execution via Configuration Utility Bypass
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
2 stars
CVSS 9.8