Lucene search

11233 matches found

OSV
added 2023/09/12 12:0 p.m., 32 views

RUSTSEC-2023-0060 libwebp: OOB write in BuildHuffmanTable

Google and Mozilla have released security advisories for RCE due to a heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild. libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable"...

CVSS 8.8, AI score 7.5, EPSS 0.99739
Exploits 9, References 2

Vulnrichment
added 2023/09/12 9:12 a.m., 27 views

CVE-2023-4759 Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8, AI score 7.5, EPSS 0.01884
Exploits 0, References 3

CVE
added 2023/09/12 9:12 a.m., 196 views

CVE-2023-4759

CVE-2023-4759 (Eclipse JGit) affects all versions

CVSS 8.8, AI score 7.8, EPSS 0.01884
Exploits 0, References 3, Affected Software 1

Atlassian
added 2023/09/11 9:13 p.m., 63 views

RCE (Remote Code Execution) in Confluence Data Center and Server - CVE-2022-1471

Summary of Vulnerability: Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE (Remote Code Execution). Atlassian Cloud sites are not affected by this vulnerability. If your site is accessed v...

CVSS 9.8, AI score 7.2, EPSS 0.99615
Exploits 7

RedHat Linux
added 2023/09/11 1:26 p.m., 19 views

Important: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.8, AI score 7.3, EPSS 0.00749
Exploits 1, References 2

RedHat Linux
added 2023/09/11 1:4 p.m., 24 views

Important: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.8, AI score 7.3, EPSS 0.00749
Exploits 1, References 2

Cvelist
added 2023/09/11 1:2 p.m., 22 views

CVE-2022-28832 Adobe InDesign Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe InDesign versions 17.1 and earlier and 16.4.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context...

CVSS 7.8, AI score 7.7, EPSS 0.00445
Exploits 0, References 1

NVD
added 2023/09/11 8:15 a.m., 13 views

CVE-2023-42470

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content...

CVSS 9.8, AI score 9.4, EPSS 0.01986
Exploits 1, References 3

CNVD
added 2023/09/11 12:0 a.m., 24 views

Apache Axis Input Validation Error Vulnerability

Apache Axis is an open-source, XML-based Web services architecture from the Apache Foundation (United States). The product contains a SOAP server implemented in Java and C++, as well as a variety of utility services and APIs to generate and deploy Web services applications. Apache...

CVSS 9.8, AI score 9.2, EPSS 0.01931
Exploits 0, References 1

Cvelist
added 2023/09/11 12:0 a.m., 27 views

CVE-2023-42470

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content...

AI score 9.6, EPSS 0.01986
Exploits 1, References 3

Tenable Nessus
added 2023/09/11 12:0 a.m., 18 views

RHEL 8 : flac (RHSA-2023:5045)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5045 advisory. FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference...

CVSS 7.8, AI score 7.7, EPSS 0.00749
Exploits 1, References 4

Tenable Nessus
added 2023/09/11 12:0 a.m., 16 views

RHEL 9 : flac (RHSA-2023:5047)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5047 advisory. FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference...

CVSS 7.8, AI score 7.7, EPSS 0.00749
Exploits 1, References 4

GithubExploit
added 2023/09/10 6:3 a.m., 487 views

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 PoC - Unauthenticated RCE in Cacti 1.2.22. This...

CVSS 9.8, AI score 9.9, EPSS 0.99826
Exploits 48

Metasploit
added 2023/09/09 7:51 p.m., 384 views

VMware vRealize Log Insight Unauthenticated RCE

VMware vRealize Log Insight versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the...

AI score 8.9
Exploits 0

Prion
added 2023/09/09 12:15 p.m., 15 views

SQL injection

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

CVSS 6.5, AI score 9.7, EPSS 0.00649
Exploits 1, References 3, Affected Software 1

Metasploit
added 2023/09/08 7:52 p.m., 840 views

Kibana Timelion Prototype Pollution RCE

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This leads to arbitrary command execution with the permissions of the...

CVSS 10, AI score 8.6, EPSS 0.95338
Exploits 12

Rapid7 Blog
added 2023/09/08 6:3 p.m., 80 views

Metasploit Weekly Wrap-Up

New module content (4). Roundcube TimeZone Authenticated File Disclosure. Authors: joel, stonepresto, and thomascube. Type: Auxiliary. Pull request: 18286 contributed by cudalac. Path: auxiliary/gather/roundcubeauthfileread. AttackerKB reference: CVE-2017-16651. Description: This PR adds a module to...

CVSS 7.5, AI score 8.3, EPSS 0.99273
Exploits 27

GithubExploit
added 2023/09/08 6:15 a.m., 436 views

Exploit for Insecure Default Initialization of Resource in Apache Superset

CVE-2023-27524: Apache Superset Auth Bypass and RCE. Apache Su...

CVSS 9.8, AI score 9.8, EPSS 0.97405
Exploits 20

Packet Storm
added 2023/09/08 12:0 a.m., 283 views

Event Ticketing System 1.0 Cross Site Scripting

Title: Event Ticketing System-1.0 XSS-Reflected - RCE. Author: nu11secur1ty. Date: 09/08/2023. Vendor: https://www.phpjabbers.com/. Software: https://www.phpjabbers.com/event-ticketing-system/sectionDemo. Reference: https://portswigger.net/web-security/cross-site-scripting/reflected. Description: The...

AI score 7.1
Exploits 0

Tenable Nessus
added 2023/09/08 12:0 a.m., 55 views

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2023-324)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-324 advisory. In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, various XML functions rely on libxml global state to track configuration variables, like whether external entities...

CVSS 9.8, AI score 7.9, EPSS 0.08003
Exploits 4, References 6
