ruby:3.0 security update
ruby 3.0.7-143: Fix Zlib test failures on s390x due to HW acceleration (Related: RHEL-36189). 3.0.7-142: Upgrade to Ruby 3.0.7 (Resolves: RHEL-36189); Fix HTTP response splitting in CGI (Resolves: RHEL-36193); Fix ReDoS vulnerability in URI (Resolves: RHEL-36196); Fix ReDoS vulnerability in Time...
changedetection < 0.45.20 - Remote Code Execution (RCE)
Exploit Title: changedetection = 0.45.20 Remote Code Execution (RCE); Date: 5-26-2024; Exploit Author: Zach Crosman (zcrosman); Vendor Homepage: changedetection.io; Software Link: https://github.com/dgtlmoon/changedetection.io; Version: = 0.45.20; Tested on: Linux; CVE: CVE-2024-32651. from pwn import impor...
CVE-2024-2422
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...
CVE-2024-2421
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...
CVE-2024-2422 LenelS2 NetBox Improper Neutralization of Argumented Delimiters
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...
CVE-2024-2422
LenelS2 NetBox (LenelS2/Carrier) is affected by CVE-2024-2422, an authenticated RCE in NetBox versions up to and including 5.6.1. The vulnerability affects the NetBox access control and event monitoring system and can allow an attacker to execute arbitrary commands with elevated privileges. Remed...
CVE-2024-2421 LenelS2 NetBox Improper Neutralization of Special Elements
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...
CVE-2024-2421
LenelS2 NetBox
Moderate: Red Hat Security Advisory: ruby:3.0 security update
An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : ruby:3.0 (RHSA-2024:3500)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3500 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
ALSA-2024:3500 Moderate: ruby:3.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621); ruby: ReDoS vulnerability in URI (CVE-2023-28755); ruby: ReDoS...
Moderate: ruby:3.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621); ruby: ReDoS vulnerability in URI (CVE-2023-28755); ruby: ReDoS...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
ElkArte Forum 1.1.9 Remote Code Execution Vulnerability
Exploit Title: ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated); Exploit Author: tmrswrr; Category: Webapps; Vendor Homepage: https://www.elkarte.net/; Software Link: https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip; Version: 1.1.9. 1) After login go t...
CVE-2024-35236
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in t...
CVE-2024-35236 Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in t...
CVE-2024-35236
CVE-2024-35236 affects Audiobookshelf before version 2.10.0. Opening an ebook containing malicious scripts can cause code execution in the browser context; a user with high privileges (e.g., upload or library creation) could lead to remote code execution. The issue was demonstrated on version 2.9...