Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution (Authenticated). Exploit Author: Sander Ferdinand. Date: 2023-06-07. Version: 13.4.0. Vendor Homepage: http://erpnext.org. Software Link: https://github.com/frappe/frappe/. Tested on: Ubuntu 22.04. CVE: none. Silly sandbox escape. Frap...
Exploit for Classic Buffer Overflow in Extremenetworks Iq_Engine
CVE-2023-35803 - Unauthenticated RCE in Extreme Networks/Aer...
CVE-2023-1901
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash DoS or potential RCE on the Host layer...
CVE-2023-1902
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash DoS or potential RCE on the Host layer...
Command injection
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash DoS or potential RCE on the Host layer...
Null pointer dereference
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash DoS or potential RCE on the Host layer...
CVE-2023-1901
The CVE concerns Zephyr's Bluetooth HCI host layer. The issue arises from not clearing a global reference to a semaphore after synchronously sending HCI commands, which may allow a malicious HCI Controller to reuse a dangling reference in the host layer. Reported impacts include DoS via a crash a...
CVE-2023-1901 HCI send_sync Dangling Semaphore Reference Re-use
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash DoS or potential RCE on the Host layer...
CVE-2023-1902 HCI Connection Creation Dangling State Reference Re-use
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash DoS or potential RCE on the Host layer...
CVE-2023-1902
CVE-2023-1902 concerns Zephyr RTOS: the Bluetooth HCI host layer does not clear a global reference to a state pointer after processing connection events. This can let a malicious HCI Controller reuse a dangling reference in the host layer, causing a crash (DoS) or potential remote code execution....
Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit RCE Exploit
Title: Microsoft Outlook Microsoft 365 MSO Version 2306 Build 16.0.16529.20100 32-bit - Remote Code Execution Author: nu11secur1ty Date: 07.07.2023 Vendor: https://www.microsoft.com/ Software: https://outlook.live.com/owa/ Reference:...
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. The Broker component of RocketMQ is exposed on the extranet and lacks permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...
CVE-2023-27869
CVE-2023-27869 affects IBM Db2 JDBC Driver for Db2 on Linux/UNIX/Windows (versions 10.5, 11.1, 11.5). The issue is caused by an unchecked logger injection via the named traceFile property, enabling a remote authenticated attacker to execute arbitrary code on the system. IBM bulletins list this al...
Metasploit Weekly Wrap-Up
Apache RocketMQ We saw some great teamwork this week from jheysel-r7 and h00die to bring you an exploit module for CVE-2023-33246. In Apache RocketMQ version 5.1.0 and under, there is an access control issue which the module leverages to update the broker's configuration file without...
Archive_Tar contains Potential RCE if filename starts with phar://
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter, such as `file_exists`, `is_file`, `is_dir`, etc. When extract is called without a specific prefix path, we can trigger...
GHSA-3Q76-JQ6M-573P Archive_Tar contains Potential RCE if filename starts with phar://
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter, such as `file_exists`, `is_file`, `is_dir`, etc. When extract is called without a specific prefix path, we can trigger...
Mongoose Prototype Pollution Vulnerability
If an attacker has some way to control an object on the Mongo server through one way or another, it is possible to cause prototype pollution on any Mongoose client. Notably, if a poorly implemented service allows a user to control the object in findByIdAndUpdate and similar functions, this bug...
CVE-2023-37170
TOTOLINK A3300R (V17.0.0cu.557_B20221024) is affected by CVE-2023-37170: an unauthenticated remote code execution via the lang parameter in the setLanguageCfg function. The vulnerability is described in multiple sources as a code execution condition stemming from improper handling of input in the...