Title: ThemeREX Addons <= 2.32.3 – Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data
Published Date: Jan 28, 2025
Risk Index: 4.96 of 10 (Medium)
Summary: A critical vulnerability has been identified in the XML parser component of the ThemeREX Addons plugin for WordPress. This vulnerability allows for arbitrary file uploads due to missing file type validation in the ‘trx_addons_uploads_save_data’ function in all versions up to, and including, 2.32.3. This critical flaw allows unauthenticated attackers to upload arbitrary files to an affected site’s server, potentially leading to remote code execution.
If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the affected system. In scenarios where an attacker successfully uploads a malicious file, they can execute commands remotely, potentially gaining control over the website and its underlying hosting environment. The consequences of such an exploit can range from website defacement, data theft, and deployment of further malware, to complete website takeover and server compromise.
Title: iControlWP – Multiple WordPress Site Manager <= 4.4.5 – Unauthenticated PHP Object Injection
Published Date: Jan 30, 2025
Risk Index: 4.96 of 10 (Medium)
Summary: A critical vulnerability has been identified in the iControlWP – Multiple WordPress Site Manager plugin for WordPress. If exploited, this vulnerability could enable an attacker to carry out a range of malicious actions on the affected system, including gaining unauthorized access to sensitive data, executing arbitrary code, or deleting critical files. The actual impact depends on whether the WordPress site contains a suitable POP chain that can leverage the malformed PHP object.
Title: go-git has an Argument Injection via the URL field
Published Date: Jan 06, 2025
Risk Index: 8.28 of 10 (High)
Summary: A critical vulnerability has been identified in the argument handling component of the go-git library. This vulnerability allows attackers to inject arbitrary values into git-upload-pack flags when using the file transport protocol, leading to potential code execution risks.
If exploited, this vulnerability could allow an attacker to gain unauthorized control over the git commands executed by the go-git library. This could potentially lead to arbitrary code execution, data manipulation, and unauthorized access to sensitive repositories, significantly compromising the integrity and security of affected systems.
Title: Solaris /bin/login Vulnerability
Published Date: Apr 10, 2002
Risk Index: 8.55 of 10 (High)
Summary: A critical vulnerability has been identified in the login program on AIX (before version 4.0) that allows remote users to specify 100 or more environment variables when logging on. This exceeds the length of a specific string and possibly triggers a buffer overflow.
If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the affected system. Moreover, the ability to specify an excessive number of environment variables during login could ultimately lead to complete system compromise, unauthorized administrative access, and severe operational disruptions.
Title: Solaris /bin/login Vulnerability
Published Date: Dec 12, 2001
Risk Index: 8.73 of 10 (High)
Summary: A critical vulnerability has been identified in the login program for System V based operating systems. Specifically, this buffer overflow vulnerability, tracked as CVE-2001-0797, allows remote attackers to execute arbitrary commands by sending a large number of arguments through services such as telnet and rlogin.
If this vulnerability is exploited, it could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the affected system. This could lead to a full system compromise, including unauthorized access to remote systems, database breaches, and the potential for privilege escalation attacks. Systems that rely on telnet and rlogin services are particularly at risk if not adequately secured or updated.