#rce

OX App Suite suffers from server-side request forgery, command injection, uncontrolled resource consumption, code injection, authorization bypass, and insecure storage vulnerabilities. Various versions in the 7.10.x and 8.x branches are affected.

Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

Categories: News Tags: CISA Tags: BOD 23-02 Tags: Internet exposed Tags: management interfaces Tags: vulnerabilities Tags: CVE-2023-27992 Tags: CVE-2023-20887 There is a lot to be said for the strategy of shielding management interfaces from public internet access (Read more...) The post Reducing your attack surface is more effective than playing patch-a-mole appeared first on Malwarebytes Labs.

By Deeba Ahmed FortiGuard Labs has identified numerous Condi DDoS botnet samples that exploit other known security flaws, putting unpatched software at a higher risk of being exploited by botnet malware. This is a post from HackRead.com Read the original post: New DDoS Botnet ‘Condi’ Targets Vulnerable TP-Link AX21 Routers

The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. ### Impact A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. ### Patches This is vulnerability is fixed in version 1.15.0 of `@backstage/plugin-scaffolder-backend`. ### Workarounds Note that the [Backstage Threat Model](https://backstage.io/docs/overview/threat-model) states that scaffolder templates are considered to be a sensitive area that with the recommendation that you control access and perform manual r...

### Summary An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability which results in a remote code execution vulnerability. ### Details An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-imap or webklex/laravel-imap. Prerequisite for the vulnerability is that the script stores the attachments without providing a `$filename`, or providing an unsanitized `$filename`, in `src/Attachment::save(string $path, string $filename = null)` (https://github.com/Webklex/php-imap/blob/5.2.0/src/Attachment.php#L251-L255). In this case, where no `$filename` gets passed into the `Attachment::save()` method, the package would use a series of unsanitized and insecure input values from the mail as fallback (https://github.com/Webklex/php-imap/blob/5.2.0/src/Attachment.php#L252). Even if a developer passes a `$filename` into the `Attachment::save()` method, e.g. by passing the name or filenam...

A slew of critical advisories this week showcase an exploding edge device attack surface for SMBs, which have limited cybersecurity protection, visibility, and maintenance available.

The emerging cyber-threat group is unusually persistent and nimble, bypassing MFA, stealing data, and using compromised environments for downstream customer attacks.

SPIP versions 4.2.1 and below suffer from an unauthenticated remote code execution vulnerability.