Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2021-41738: rootless – Medium

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.

CVE
Open in Source
#vulnerability#web#php#rce#auth
CVE-2017-20040: Full Disclosure: SICUNET Physical Access Controller

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement.

PHDays 11: towards the Independence Era

Hello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event. Alternative video link (for Russia): https://vk.com/video-149273431_456239091 As I did last year, I want to start talking about this […]

CVE-2022-25863: fix(gatsby-plugin-mdx): don't allow JS frontmatter by default by pieh · Pull Request #35830 · gatsbyjs/gatsby

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing.

CVE-2022-24376: Command Injection vulnerability in [email protected]

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.

CVE-2017-20018: XAMPP 7.1.1-0-VC14 DLL Hijacking ≈ Packet Storm

A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely.

CVE-2019-25067: Offensive Security’s Exploit Database Archive

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-22021: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.