Zero Day Initiative
added 2024/06/12 12:00 a.m., 24 views

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8 CVSS, 7.8 AI score, 0.02973 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2024/06/12 12:00 a.m., 32 views

RHEL 9 : ruby (RHSA-2024:3838)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3838 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8 CVSS, 7 AI score, 0.02637 EPSS
Exploits: 1, References: 15
OSV
added 2024/06/11 8:22 p.m., 16 views

GHSA-V5GF-R78H-55Q6 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact: What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows user-supplied code to be executed in the server's context, where it runs as the document-merge-server user with UID 901, thus giving an attacker...

7.2 CVSS, 8.9 AI score, 0.0104 EPSS
Exploits: 0, References: 4
Github Security Blog
added 2024/06/11 8:22 p.m., 18 views

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact: What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows user-supplied code to be executed in the server's context, where it runs as the document-merge-server user with UID 901, thus giving an attacker...

7.2 CVSS, 8.9 AI score, 0.0104 EPSS
Exploits: 0, References: 4, Affected Software: 1
RedHat Linux
added 2024/06/11 7:56 p.m., 35 views

Moderate: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8 CVSS, 7 AI score, 0.02637 EPSS
Exploits: 1, References: 7
Metasploit
added 2024/06/11 7:54 p.m., 301 views

VSCode ipynb Remote Development RCE

VSCode, when opening a Jupyter notebook .ipynb file, bypasses the trust model. On versions v1.4.0 - v1.71.1, it's possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...

7.8 CVSS, 8.1 AI score, 0.67469 EPSS
Exploits: 3
Rapid7 Blog
added 2024/06/11 7:43 p.m., 209 views

Patch Tuesday - June 2024

It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...

9.8 CVSS, 9.7 AI score, 0.99995 EPSS
Exploits: 28
CVE
added 2024/06/11 4:59 p.m., 93 views

CVE-2024-30062

CVE-2024-30062 affects Windows Standards-Based Storage Management Service. The connected data documents confirm a local, user-interaction–required remote code execution vulnerability in Windows Storage components, with CVSSv3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base 7.8). The issue is tied to...

7.8 CVSS, 8.8 AI score, 0.01005 EPSS
Exploits: 0, References: 1, Affected Software: 4
GithubExploit
added 2024/06/11 3:11 p.m., 502 views

Exploit for OS Command Injection in Php

CVE-2024-4577 This is a PoC for PHP CVE-2024-4577. Introdu...

9.8 CVSS, 10 AI score, 0.99998 EPSS
Exploits: 100
hivepro
added 2024/06/11 2:36 p.m., 9 views

POC Exploit Code Released for Apache HugeGraph RCE Vulnerability

...

7.3 AI score
Exploits: 0
Packet Storm
added 2024/06/11 12:00 a.m., 289 views

VSCode ipynb Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VSCode ipynb Remote Development RCE', 'Description' = %q VSCode, when opening a Jupyter notebook .ipynb file, bypasses the trust model. On version...

7.8 CVSS, 7 AI score, 0.67469 EPSS
Exploits: 3
Tenable Nessus
added 2024/06/11 12:00 a.m., 21 views

Oracle Linux 8 : ruby:3.3 (ELSA-2024-3670)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3670 advisory. - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. CVE-2024-27281...

9.8 CVSS, 7.3 AI score, 0.02364 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2024/06/11 12:00 a.m., 15 views

Fedora 40 : strongswan (2024-6712c699fc)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-6712c699fc advisory. Fixes CVE-2023-41913 (buffer overflow and possible RCE), various IKEv2 improvements. Tenable has extracted the preceding description block directly from the...

9.8 CVSS, 8.6 AI score, 0.0229 EPSS
Exploits: 0, References: 2
OSV
added 2024/06/11 12:00 a.m., 27 views

ALSA-2024:3838 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0. AlmaLinux-35740 Security Fixes: ruby/cgi-gem: HTTP response...

9.8 CVSS, 7.8 AI score, 0.02637 EPSS
Exploits: 1, References: 14
AlmaLinux
added 2024/06/11 12:00 a.m., 49 views

Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0. AlmaLinux-35740 Security Fixes: ruby/cgi-gem: HTTP response...

9.8 CVSS, 9 AI score, 0.02637 EPSS
Exploits: 1, References: 14
Cvelist
added 2024/06/10 8:16 p.m., 24 views

CVE-2024-36418 SuiteCRM authenticated RCE using connectors

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

8.5 CVSS, 0.00803 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/06/10 8:16 p.m., 26 views

CVE-2024-36418 SuiteCRM authenticated RCE using connectors

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

8.5 CVSS, 7.6 AI score, 0.00803 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/06/10 12:00 a.m., 90 views

CVE-2024-37014

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/customcomponent" endpoint and provide a Python script...

7.8 AI score, 0.00923 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2024/06/10 12:00 a.m., 28 views

AlmaLinux 8 : ruby:3.3 (ALSA-2024:3670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3670 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Arbitrary memory...

9.8 CVSS, 7 AI score, 0.02364 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2024/06/10 12:00 a.m., 23 views

AlmaLinux 9 : ruby:3.3 (ALSA-2024:3671)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3671 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Arbitrary memory...

9.8 CVSS, 7 AI score, 0.02364 EPSS
Exploits: 0, References: 4