Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

RHSA-2023:1151: Red Hat Security Advisory: Satellite 6.11.5 Async Security Update

Updated Satellite 6.11 packages that fixes critical security bugs and several regular bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32224: An insecure deserialization flaw was found in Active Record, which uses YAML.unsafe_load to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution (RCE), resulting in complete system compromise.

Red Hat Security Data
Open in Source
#linux#red_hat#rce#ruby#rpm#docker
CVE-2021-4330: Changeset 2617529 for envato-elements – WordPress Plugin Repository

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download.

CVE-2023-24217: Agilebio Lab Collector 4.234 Remote Code Execution ≈ Packet Storm

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

GHSA-2563-fp9c-mgm8: Moodle Session Fixation vulnerability

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.

CVE-2023-24737: CVE/PMB at main · AetherBlack/CVE

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.

CVE-2023-26949: Remote code execution caused by uploading arbitrary files in the background · Issue #1 · keheying/onekeyadmin

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2021-36394

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.

CVE-2023-24776: Background offline installation plug-in rce · Issue #7 · funadmin/funadmin

Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php.

Agilebio Lab Collector 4.234 Remote Code Execution

Agilebio Lab Collector version 4.234 suffers from a remote code execution vulnerability.

CVE-2023-1184: ecshop v4.1.8 RCE vulnerability · Issue #1 · wjzdalao/ecshop4.1.8

A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356.