#rce

By Deeba Ahmed A recent discovery of 4 security flaws in ThroughTek's Kalay platform leaves millions of IoT devices exposed. This article explores the security risks to your connected home and the broader threat to IoT devices. Act now – secure your smart devices! This is a post from HackRead.com Read the original post: IoT Cameras Exposed by Chainable Exploits, Millions Affected

A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb/wandb repository due to improper handling of HTTP 302 redirects. This issue allows team members with access to the 'User settings -> Webhooks' function to exploit this vulnerability to access internal HTTP(s) servers. In severe cases, such as on AWS instances, this could potentially be abused to achieve remote code execution on the victim's machine. The vulnerability is present in the latest version of the repository.

Magento Commerce and Open Source 2.3.0, 2.2.7 and 2.1.16 contain multiple security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.

Magento Commerce and Open Source 2.2.5 and 2.1.14 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and remediated: - PRODSECBUG-1589: Stops Brute Force Requests via basic RSS authentication - MAG-23: M1 Credit Card Storage Capability - PRODSECBUG-2149: Authenticated RCE using customer import - PRODSECBUG-2159: API Based RCE Vulnerability - PRODSECBUG-2156: RCE Via Unauthorized Upload - PRODSECBUG-2155: Authenticated RCE using dataflow - PRODSECBUG-2053: Prevents XSS in Newsletter Template - PRODSECBUG-2142: XSS in CMS Preview - PRODSECBUG-1860: Admin Account XSS Attack Cessation via Filename - PRODSECBUG-2119: EE Patch to include names in templates - PRODSECBUG-2129: XSS in Google Analytics Vulnerability - PRODSECBUG-2019: Merchant Wishlist Security Strengthening - PRODSECBUG-2104: Send to a Frie...

Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well. Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the vulnerability the installation has to: - use sendmail as the mail transport agent - have specific, non-default configuration settings as described [here](https://magento.com/security/patches/supee-9652#:~:text=settings%20as%20described-,here,-.).

SUPEE-10975, Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.

Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: - APPSEC-2001: Authenticated Remote Code Execution (RCE) using custom layout XML - APPSEC-2015: Authenticated Remote Code Execution (RCE) through the Create New Order feature (Commerce only) - APPSEC-2042: PHP Object Injection and RCE in the Magento admin panel (Commerce Target Rule module) - APPSEC-2029: PHP Object Injection and Remote Code Execution (RCE) in the Admin panel (Commerce) - APPSEC-2007: Authenticated SQL Injection when saving a category - APPSEC-2027: CSRF is possible against Web sites, Stores, and Store Views - APPSEC-1882: The cron.php file can leak database credentials - APPSEC-2006: Stored cross-site scripting (XSS) through the Enterprise Logging extension - APPSEC-2005: Pers...

Applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the user. This combination of scenarios lets the user generate valid Laravel signed encryption strings for any plain-text string, thus allowing them to craft Laravel session payloads when an application is using the "cookie" driver.

Application's using the "cookie" session driver were the primary applications affected by this vulnerability. Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the "cookie" session driver in their production deployments. Regarding the vulnerability, applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the user. This combination of scenarios lets the user generate valid Laravel signed encryption strings for any plain-text string, thus allowing them to craft Laravel session payloads when an application is using the "cookie" driver. This fix prefixes cookie values with an HMAC hash of the cookie's name before encryption and then ver...