Oracle Linux 8 : systemd (ELSA-2024-3203)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3203 advisory. - Oracle-Redhat Errata ELSA-2023:3837 CVE-2023-26604 OLERRATA-43629 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

Code Injection in heroku/heroku-exec-util

Description The heroku-exec-util module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var heu = require'heroku-exec-util'; heu.sshargs:,'test; touch...