#git

This Metasploit module leverages an unauthenticated remote command execution vulnerability in Ivanti's EPM Agent Portal where an RPC client can invoke a method which will run an attacker-specified string on the remote target as NT AUTHORITY\SYSTEM. This vulnerability is present in versions prior to EPM 2021.1 Su4 and EPM 2022 Su2.

Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox.

Ubuntu Security Notice 7091-2 - USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for ruby2.7 in Ubuntu 20.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. It was discovered that Ruby incorrectly handled parsing of an XML document that has many digits in a hex numeric character reference. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack.

When a cybersecurity incident occurs, it's not just IT systems and data that are at risk — a company's reputation is on the line, too.

Choosing the best on-ramp and off-ramp solutions is a key part of navigating the cryptocurrency landscape – to…

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Automated Logic Equipment: WebCTRL Premium Server Vulnerabilities: Unrestricted Upload of File with Dangerous Type, URL Redirection to Untrusted Site ('Open Redirect') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands on the server hosting WebCTRL or redirect legitimate users to malicious sites. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Automated Logic products are affected: Automated Logic WebCTRL® Server : Version 7.0 Carrier i-Vu: Version 7.0 Automated Logic SiteScan Web: Version 7.0 Automated Logic WebCTRL for OEMs: Version 7.0 3.2 Vulnerability Overview 3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434 A vulnerability in Automated Logic WebCTRL 7.0 allows an unauthenticated user to upload files of dangerous types without restrictions, which could lead to re...

Chinese black market operators are openly recruiting government agency insiders, paying them for access to surveillance data and then reselling it online—no questions asked.

Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been

### Impact First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11.4 and newer, Elasticsearch queries are retried a configurable number of times in the case of error to handle temporary losses of connection to Elasticsearch. These invalid queries would fail, causing the retry mechanism to begin requerying with the same syntactically invalid query immediately, in an infinite loop. This causes a massive increase in log size which can in some cases cause a denial of service due to disk exhaustion. ### Patches Opencast 13.10 and Opencast 14.3 contain patches (https://github.com/opencast/opencast/pull/5150, and https://github.com/opencast/opencast/pull/5033) which address the base issue, with Opencast 16.7 containing changes which harmonize the search behaviour between the admin UI and external API. Users are strongly recommended to up...