Tag
#rce
A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
The Order GLPI plugin allows users to manage orders within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user who has access to the standard interface can craft a URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin.
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
Deserialization of Untrusted Data in GitHub repository microweber/microweber prior to 1.3.3.
Pentaho BA Server EE version 9.3.0.0-428 suffers from a remote code execution vulnerability via a server-side template injection flaw.
D-Link DIR-846 suffers from a remote command execution vulnerability.
ProjectSend r1605 suffers from a remote code execution vulnerability.
FedEx Ship Manager (FSM) version 3704 suffers from an insecure use of .NET remoting.
Update Android now! Google patches three important vulnerabilities (Malwarebytes Labs). Google has released an Android update that fixes two critical remote code execution (RCE) vulnerabilities, and one vulnerability that has been exploited in the wild. Categories: Android, Exploits and vulnerabilities, News. Tags: Google, Android, update, CVE-2023-21085, CVE-2023-21096, CVE-2022-38181, Use-after-free, input validation.
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.