#rce

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. ## Original Description An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.

Red Hat Security Advisory 2024-8235-03 - Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, and out of bounds write vulnerabilities.

### Summary The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. ### Details **Configuration changes** 1. Change the download folder to `/home/<user>/.pyload/scripts` 2. Change permissions for downloaded files: 1. Change permissions of downloads: on 2. Permission mode for downloaded files: 0744 **Making the request to download files** The `flashgot` API provides functionality to download files from a provided URL. Although pyload tries to prevent non-local requests from being able to reach this API, it relies on checking the Host header and the Referer header of the incoming request. Both of these can be set by an att...

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the

The severity of the Remote Code Execution – Microsoft SharePoint (CVE-2024-38094) vulnerability has increased. It was fixed as part of the July Microsoft Patch Tuesday (July 9). SharePoint is a popular platform for corporate portals. According to the Microsoft bulletin, аn authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code […]

### Impact A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the `chroot` jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a –privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system. This happens because: - During startup, Rancher appends the `/opt/drivers/management-state/bin` directory to the `PATH` environment variable. - In Rancher, the binaries `/usr/bin/rancher-machine`, `/usr/bin/helm_v3`, and `/usr/bin/kustomize` are assigned a UID of 1001 and a GID of 127 instead of being owned by the root user. - Rancher employs a jail mechanism to isolate the execution of node drivers from the main process. However, the drivers are executed with excessive permissions. - During the...

Fortinet and Mandiant investigated the mass exploitation of FortiManager devices via CVE-2024-47575, impacting 50+ systems across industries. Threat…

Vulnhuntr is a Python static code analyzer that uses Claude AI to find and explain complex, multistep vulnerabilities.

php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below.

### Summary Usage of the `Butterfly.prototype.parseJSON` or `getJSON` functions on an attacker-controlled crafted input string allows the attacker to execute arbitrary JavaScript code on the server. Since Butterfly JavaScript code has access to Java classes, it can run arbitrary programs. ### Details The `parseJSON` function (edu/mit/simile/butterfly/Butterfly.js:64) works by calling `eval`, an approach that goes back to the original library by Crockford, before JSON was part of the ECMAScript language. It uses a regular expression to remove strings from the input, then checks that there are no unexpected characters in the non-string remainder. However, the regex is imperfect, as was [discovered earlier by Mike Samuel](https://dev.to/mikesamuel/2008-silently-securing-jsonparse-5cbb); specifically, the "cleaner" can be tricked into treating part of the input as a string that the "evaluator" does not, because of a difference in interpretation regarding the [the Unicode zero-width jo...