Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

GHSA-534c-hcr7-67jg: Kimai has an XXE Leading to Local File Read

### Summary Kimai uses [PHPSpreadsheet](https://github.com/PHPOffice/PhpSpreadsheet) for importing and exporting invoices. Recently, a [CVE](https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-ghg6-32f9-2jp7) was identified in PHPSpreadsheet, which could lead to an XXE vulnerability. ### Details Exploitation requires an Administrator account, allowing the upload of an `XLSX` template containing the payload. The vulnerability is triggered by the following code snippet: ```php // https://github.com/kimai/kimai/blob/b1903ba18359be16dd32ea9c40377c486498f082/src/Invoice/Renderer/AbstractSpreadsheetRenderer.php#L41 public function render(InvoiceDocument $document, InvoiceModel $model): Response { $spreadsheet = IOFactory::load($document->getFilename()); $worksheet = $spreadsheet->getActiveSheet(); $entries = $model->getCalculator()->getEntries(); $sheetReplacer = $model->toArray(); $invoiceItemCount = \count($entries); if ($invoiceItemCount > 1) {...

ghsa
#vulnerability#git#php#rce#acer
Red Hat Security Advisory 2024-6726-03

Red Hat Security Advisory 2024-6726-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.

'CloudImposer' Flaw in Google Cloud Affected Millions of Servers

Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data. "SolarWinds Access Rights

GHSA-wj4j-qc2m-fgh7: Mattermost Desktop App Uncontrolled Search Path Vulnerability

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.

VICIdial SQL Injection / Remote Code Execution

Proof of concept exploit that allows an attacker to retrieve administrative credentials through SQL injection and ultimately execute arbitrary code on the target server.

Rejetto HTTP File Server 2.3m Template Injection / Arbitrary Code Execution

Proof of concept remote code execution exploit for Rejetto HTTP File Server (HFS) version 2.3m.

Calibre 7.14.0 Remote Code Execution

Proof of concept unauthenticated remote code execution exploit for Calibre versions 7.14.0 and below.

Veeam Backup And Replication 12.1.2.172 Remote Code Execution

Veeam Backup and Replication version 12.1.2.172 unauthenticated remote code execution exploit.

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The vulnerability could have allowed an attacker to hijack an internal software dependency