#rce

CVE-2022-36444

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker (with network access to the admin interface) to disrupt system availability or potentially compromise the confidentiality and integrity of the system.

2 years ago

CVE

Open in Source

#vulnerability #rce #pdf #auth

Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery

Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn’t be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in […]

2 years ago

Alexander V. Leonov

Open in Source

#vulnerability #web #mac #windows #google #microsoft #rce #buffer_overflow #auth #chrome #blog

Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.

2 years ago

DARKReading

Open in Source

#vulnerability #mac #windows #linux #c++#rce #vmware #log4j #auth

Open-Xchange App Suite 7.10.x Cross Site Scripting / Command Injection

Open-Xchange App Suite versions 7.10.6 and below suffer from OS command injection and cross site scripting vulnerabilities. One particular cross site scripting issue only affects versions 7.10.5 and below.

2 years ago

Packet Storm

Open in Source

#xss #vulnerability #web #ios #js #git #java #rce #perl #ssrf #auth

Zyxel firewall vulnerabilities left business networks open to abuse

Severity of code execution bug mitigated by ‘high uptake’ of previous patch

2 years ago

PortSwigger

Open in Source

#vulnerability #web #wordpress #rce #perl #auth

GHSA-6rh6-x8ww-9h97: Grails framework Remote Code Execution via Data Binding

### Impact A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR. ### Patches Grails framework versions 5.2.1, 5.1.9, 4.1.1, and 3.3.15 ### References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35912 https://grails.org/blog/2022-07-18-rce-vulnerability.html ### For more information If you have any questions or comments about this advisory: * https://grails.org/blog/2022-07-18-rce-vulnerability.html * https://github.com/grails/grails-core/issues/12626 * Email us at [[email protected]](mailto:[email protected]) ### Credit This vulnerability was discovered by [meizjm3i](https://github.com/meizjm3i) and [codeplutos](https://github.com/codeplutos) of AntGroup FG Security Lab

2 years ago

ghsa

Open in Source

#vulnerability #git #java #rce #maven

CodoForum 5.1 Remote Code Execution

CodoForum version 5.1 suffers from a remote code execution vulnerability.

2 years ago

Packet Storm

Open in Source