Tag
#rce
### Summary

Kimai uses [PHPSpreadsheet](https://github.com/PHPOffice/PhpSpreadsheet) for importing and exporting invoices. Recently, a [CVE](https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-ghg6-32f9-2jp7) was identified in PHPSpreadsheet, which could lead to an XXE vulnerability.

### Details

Exploitation requires an Administrator account, allowing the upload of an `XLSX` template containing the payload. The vulnerability is triggered by the following code snippet:

```php
// https://github.com/kimai/kimai/blob/b1903ba18359be16dd32ea9c40377c486498f082/src/Invoice/Renderer/AbstractSpreadsheetRenderer.php#L41
public function render(InvoiceDocument $document, InvoiceModel $model): Response
{
    $spreadsheet = IOFactory::load($document->getFilename());
    $worksheet = $spreadsheet->getActiveSheet();
    $entries = $model->getCalculator()->getEntries();
    $sheetReplacer = $model->toArray();
    $invoiceItemCount = \count($entries);
    if ($invoiceItemCount > 1) {...
```
Red Hat Security Advisory 2024-6726-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.
Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.
SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data. "SolarWinds Access Rights
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
Proof of concept exploit that allows an attacker to retrieve administrative credentials through SQL injection and ultimately execute arbitrary code on the target server.
Proof of concept remote code execution exploit for Rejetto HTTP File Server (HFS) version 2.3m.
Proof of concept unauthenticated remote code execution exploit for Calibre versions 7.14.0 and below.
Veeam Backup and Replication version 12.1.2.172 unauthenticated remote code execution exploit.
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The vulnerability could have allowed an attacker to hijack an internal software dependency