#rce

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.

A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. The sanitize_svg function only removes script elements and 'on*' event attributes, but does not account for other potential vectors for XSS within SVG files. This vulnerability can be exploited when authorized users access a malicious URL containing the crafted SVG file.

Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability.

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform. The most severe of the

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: InterMesh Vulnerabilities: OS Command Injection, Missing Authentication for Critical Function, Execution with Unnecessary Privileges, Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution, execute commands, write arbitrary files, or execute arbitrary commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens InterMesh Subscriber Devices, a wireless alarm reporting system, are affected: InterMesh 7177 Hybrid 2.0 Subscriber: All...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of InfraSuite Device Master, a real-time device monitoring software, are affected: InfraSuite Device Master: Versions 1.0.12 and prior 3.2 Vulnerability Overview 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication, resulting in remote code execution. CVE-2024-10456 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated...

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. ## Original Description An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.

Red Hat Security Advisory 2024-8235-03 - Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, and out of bounds write vulnerabilities.

### Summary The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. ### Details **Configuration changes** 1. Change the download folder to `/home/<user>/.pyload/scripts` 2. Change permissions for downloaded files: 1. Change permissions of downloads: on 2. Permission mode for downloaded files: 0744 **Making the request to download files** The `flashgot` API provides functionality to download files from a provided URL. Although pyload tries to prevent non-local requests from being able to reach this API, it relies on checking the Host header and the Referer header of the incoming request. Both of these can be set by an att...

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the