Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

FedEx Ship Manager (FSM) 3704 Insecure .NET Remoting

FedEx Ship Manager (FSM) version 3704 suffers from an insecure use of .NET remoting.

Packet Storm
Open in Source
#rce#auth
Update Android now! Google patches three important vulnerabilities

Categories: Android Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Android Tags: update Tags: CVE-2023-21085 Tags: CVE-2023-21096 Tags: CVE-2022-38181 Tags: Use-after-free Tags: input validation Google has released an Android update that fixes two critical remote code execution (RCE) vulnerabilities, and one vulnerability that has been exploited in the wild. (Read more...) The post Update Android now! Google patches three important vulnerabilities appeared first on Malwarebytes Labs.

CVE-2023-0265: Uvdesk 1.1.1 - RCE via Insecure File Upload | Advisories | Fluid Attacks

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.

15M+ Services & Apps Remain Sitting Ducks for Known Exploits

Scans of the Internet find that millions of computers, virtual machines, and containers are vulnerable to one or more of the hundreds of cyberattacks currently used in the wild, despite being patchable.

CVE-2020-19695: Array elements left uninitialized in Array.prototype.slice() for primitive this values. · Issue #188 · nginx/njs

Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.

CVE-2020-19693: A memory corruption bug in the jswrap_object.c · Issue #1684 · espruino/Espruino

An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.

CVE-2023-25356: Full Disclosure: [CVE-2023-25355/25356] No fix available

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.

Red Hat Security Advisory 2023-1516-01

Red Hat Security Advisory 2023-1516-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.

GLPI Cartography Shell Upload

GLPI Cartography versions prior to 6.0.0 suffers from a remote shell upload vulnerability.

GLPI 10.0.2 SQL Injection / Remote Code Execution

GLPI versions 10.0.0 through 10.0.2 suffer from a remote SQL injection vulnerability that can lead to remote code execution.