#rce

This is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.

This is a whitepaper discussing CVE-2020-1349 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.12624.20424 when it fails to properly handle objects in memory.

Gentoo Linux Security Advisory 202211-4 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in remote code execution. Versions greater than or equal to 10.22:10 are affected.

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc..

TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.

Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.

In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415718References: N/A

An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.

This Metasploit module exploits the Git fetch command in the Gitea repository migration process to allow for remote command execution on the system. This vulnerability affect Gitea versions prior to 1.16.7.