Tag
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
## Description snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If user can control the output file from the `generateFromHtml()` function, it will invoke deserialization. ## Proof of Concept Install Snappy via composer require `knplabs/knp-snappy`. After that, under snappy directory, create an `index.php` file with this vulnerable code. ```php <?php // index.php // include autoloader require __DIR__ . '/vendor/autoload.php'; // reference the snappy namespace use Knp\Snappy\Pdf; // vulnerable object class VulnerableClass { public $fileName; public $callback; ...
Debian Linux Security Advisory 5375-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing.
** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
The challenges are steep, but school districts can fight back with planning.
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.
By Deeba Ahmed Both suspects, Sagar Steven Singh and Nicholas Ceraolo, were reportedly members of a notorious cybercrime group, ViLE. Two… This is a post from HackRead.com Read the original post: Two US Citizens Charged for Hacking into DEA Portal in 2022
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.
Over the weekend, cybercriminals laid the groundwork for Silicon Valley Bank-related fraud attacks that they're now starting to cash in on. Businesses are the targets and, sometimes, the enablers.