Gentoo Linux Security Advisory 202411-7 - A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution. Versions greater than or equal to 10.3.0 are affected.
f33ea09ad2289f635434f7ee97a896c3bcb59965736b5163ab8e08d19639a6af
SOPlanning version 1.52.01 authenticated remote code execution exploit.
aa2b0281cd44426371fcd74740cdc742a4967b78355a65e5c712e22f50b852b6
Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
5e84fedd1a55610efb37e4cd55c473c8354b2e43c61a8e55f36a6a31453cb759
Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
af16f2d0ab8f93277bad9bab810989371c95502791998f695a259f331e3215e3
Proof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.
5cb1696418ca010542d02a039fd2e7ced0fb5abc292d2bf9e447350af4776e32
Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
a6b63ce9c93a3021236a9a584571d58798fe9d500b30228bb2141feca495c4d9
This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows resetting the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will get executed in the context of www-data. When credentials are provided, this module will only exploit the second vulnerability. If no credentials are provided, the module will first try to reset the admin password and then perform the OS command injection.
df2c6c91b0ec6249f500e20b70f386982ccf89ee425960ccceff8fd524cb14ff
Red Hat Security Advisory 2024-9470-03 - An update for cups is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
a6a7ebd5935d015ed96e9946115b8c2e10a494cdeb8ada2fdbb82bddede77de8
Red Hat Security Advisory 2024-9413-03 - An update for bluez is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, code execution, information leakage, and out of bounds read vulnerabilities.
671a6b8eeb0cd8db36e71d269d6c542d3263898b6a6b0dccbb0942effda41b3d
Red Hat Security Advisory 2024-9144-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, denial of service, spoofing, and use-after-free vulnerabilities.
da5b544cc29b32795134e7e6b1a235c122a070aca4ba80b68c456053d3c6591a
Red Hat Security Advisory 2024-9439-03 - An update for fontforge is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
0affc9f8abb757bcde8e8995717aac829d66bdc0af84f66e7f3ad6382a7f9bdd
Red Hat Security Advisory 2024-9114-03 - An update for gnome-shell and gnome-shell-extensions is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
1d6730f189c823a485237f81d05d3aaac88a9d4de629ecb7b8e5e627d3bdfc7b
WSO2 versions 4.0.0, 4.1.0, and 4.2.0 are susceptible to remote code execution via an arbitrary file upload vulnerability.
88bbb0e549a78d6ccac8792066a572155603f8e8b352a29a78237e92f01cd2a7
While parsing test result XML files with the TestRail CLI, the presence of certain TestRail-specific fields can cause untrusted data to flow into an eval() statement, leading to arbitrary code execution. In order to exploit this, an attacker would need to be able to cause the TestRail CLI to parse a malicious XML file. Normally an attacker with this level of control would already have other avenues of gaining code execution.
23defc505c60d8487fbaa6cc446dcdfe879f30097f49592151de5e51f416f7ff
Gentoo Linux Security Advisory 202411-5 - Multiple vulnerabilities have been discovered in libgit2, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.7.2 are affected.
e36ba141a68d9eadb1c20bef1827ab09621c613c4c563ec80cbe3f0d52723bb6
Gentoo Linux Security Advisory 202411-4 - A vulnerability has been discovered in EditorConfig Core C library, which may lead to arbitrary code execution. Versions greater than or equal to 0.12.6 are affected.
22e8d912ecfeb15108a828059979255588a6e09b263f2522d67ccdce1dfd0ef9
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.
bbe5e2c1ca7d3b42c24076cc8aa46544dec9bd260d2ef8b56f24a6ec52ecd952
SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
d1c79ff390d1eddef9aea5b0debce0087e67faf0b8c82c4f6c4ee4fde8484a34
This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.
ee57dce5428a24a7b498257e3bc5ee22dadff0bd6e92b4746a779384b38532cb
Red Hat Security Advisory 2024-8496-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
2e425c73fd22f87e178fed171c1410ce871a8a2a0b4ed9caf27410d94cb49679
Red Hat Security Advisory 2024-8492-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
ebc60e146c7b521a686c9d32d79776440020011ee7da884e4822bf6033759816
Red Hat Security Advisory 2024-7939-03 - Red Hat OpenShift Container Platform release 4.13.52 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and out of bounds write vulnerabilities.
c59e77f4edbb825a109e2e969c9ebdcd961148f9a85f31c0392d630517067dc3
Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability.
560ebed6d4ac441b5c221ab45725cf6200de08900c517d47576960db33ef2183
Red Hat Security Advisory 2024-8235-03 - Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, and out of bounds write vulnerabilities.
0b3639946849ab34cb421cd50d9e3ea2ddc6781f2d02077f6fe54d249150146a
This repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible through the shellfs community extension, which can be installed and loaded by an attacker to facilitate command execution.
6c3c16d85296d769a797c9f8ac23b3a50fdbb1f53c416a6022ded19352c4bb10