
340 matches found

OSV
added 2022/07/08 11:3 a.m., 3 views

OESA-2022-1737 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not...

CVSS 10 | AI score 8.2 | EPSS 0.20216
Exploits: 6 | References: 2
Talos
added 2022/06/30 12:0 a.m., 47 views

Robustel R1510 clish art2 command execution vulnerability

Summary: A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions: Robustel R1510 3.3.0...

CVSS 9.8 | AI score 9.6 | EPSS 0.00746
Exploits: 1
Tenable Nessus
added 2022/06/21 12:0 a.m., 204 views

OpenSSL 1.0.2 < 1.0.2zf Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2zf. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zf advisory. - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not...

CVSS 10 | AI score 7.4 | EPSS 0.38894
Exploits: 6 | References: 4
NVD
added 2022/03/10 6:15 p.m., 12 views

CVE-2021-44673

A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...

CVSS 8.8 | EPSS 0.0354
Exploits: 1 | References: 1
OSV
added 2022/03/10 6:15 p.m., 12 views

CVE-2021-44673

A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...

CVSS 8.8 | AI score 9
Exploits: 0 | References: 1
Prion
added 2022/03/10 6:15 p.m., 11 views

Remote code execution

A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...

CVSS 6.5 | AI score 8.9 | EPSS 0.0354
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2022/03/10 6:4 p.m., 98 views

CVE-2021-44673

Croogo 3.0.2 is affected by an arbitrary file upload vulnerability in the admin/file-manager/attachments path that lets a malicious user upload a PHP web shell, enabling remote code execution. Root cause: unrestricted file uploads in the attachment handler. Exploitation details and a concrete fix...

CVSS 8.8 | AI score 8.9 | EPSS 0.0354
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/03/10 6:4 p.m., 7 views

CVE-2021-44673

A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...

AI score 9.2 | EPSS 0.0354
Exploits: 1 | References: 1
CNVD
added 2022/02/10 12:0 a.m., 31 views

Zabbix Sia Zabbix has an unspecified vulnerability (CNVD-2022-11529)

Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. Zabbix 4.0 LTS, 4.2, 4.4 and 5.0 LTS versions are vulnerable due to a lack of filtering and escaping of user submitted command parameters. Any user with the "Zabbix Administrator" role can run a...

CVSS 7.2 | AI score 2.6 | EPSS 0.02966
Exploits: 1 | References: 1
UbuntuCve
added 2022/01/27 4:15 p.m., 43 views

CVE-2021-46088

Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user...

CVSS 7.2 | AI score 7.1 | EPSS 0.02966
Exploits: 1 | References: 2
Prion
added 2022/01/27 4:15 p.m., 24 views

Remote code execution

Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user...

CVSS 6.5 | AI score 7.2 | EPSS 0.02966
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2022/01/27 12:0 a.m., 2 views

Zabbix Sia Zabbix security vulnerability

Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. Zabbix 4.0 LTS, 4.2, 4.4 and 5.0 LTS versions are vulnerable due to a lack of filtering and escaping of user submitted command parameters. Any user with the "Zabbix Administrator" role can run a...

CVSS 7.2 | AI score 5.7 | EPSS 0.02966
Exploits: 1 | References: 2
ThreatPost
added 2022/01/18 7:33 p.m., 41 views

Cybercriminals Actively Target VMware vSphere with Cryptominers

Organizations running sophisticated virtual networks with VMware’s vSphere service are actively being targeted by cryptojackers, who have figured out how to inject the XMRig commercial cryptominer into the environment, undetected. Uptycs’ Siddharth Sharma has released research showing threat acto...

AI score 7.9
Exploits: 0 | References: 10
GithubExploit
added 2022/01/02 8:24 p.m., 350 views

Exploit for Out-of-bounds Write in Apple Macos

CVE-2021-30853 A simple POC script to test for CVE-2021-30657...

CVSS 5.5 | AI score 6.1 | EPSS 0.83081
Exploits: 5
IBM Security Bulletins
added 2021/12/17 1:57 p.m., 55 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects MaaS360 Enterprise Gateway

Summary: There is a vulnerability in the Apache Log4j open source library. This library is not used within the MaaS360 Enterprise Gateway code, but is contained within the package of the MaaS360 Enterprise Gateway module. The Enterprise Gateway module is contained within the MaaS360 Cloud Extender...

CVSS 10 | AI score 0.7 | EPSS 0.94358
Exploits: 341 | Affected Software: 1
Veracode
added 2021/11/15 7:29 a.m., 13 views

Privilege Escalation

github.com/fluxcd/kustomize-controller is vulnerable to privilege escalation. Users with privilege to create Kubernetes Secrets, Service Accounts and Flux Kustomization objects are allowed to use kustomize-controller to execute shell commands on the container OS via embedding a shell script in a...

CVSS 8.8 | AI score 5.9 | EPSS 0.01711
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2021/11/12 6:15 p.m., 12 views

Design/Logic Flaw

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could...

CVSS 9 | AI score 8.9 | EPSS 0.01711
Exploits: 1 | References: 1 | Affected Software: 1
GithubExploit
added 2021/11/07 6:33 p.m., 293 views

Exploit for Missing Authorization in Apple Mac_Os_X

CVE-2021-30657 A simple POC for CVE-2021-30657 affecting MacOS...

CVSS 5.5 | AI score 5.9 | EPSS 0.83081
Exploits: 5
UbuntuCve
added 2021/10/27 1:15 a.m., 27 views

CVE-2011-4125

An untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...

CVSS 10 | AI score 7.2 | EPSS 0.00736
Exploits: 1 | References: 1
NVD
added 2021/09/27 2:15 p.m., 15 views

CVE-2021-34409

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS Standard and for IT Admin installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post-...

CVSS 7.8 | EPSS 0.00038
Exploits: 0 | References: 1