#rce

Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the vulnerability, the internal video chat window must be disabled or a Mac App Store build must be used (internalVideoChatWindow.ts#L14). The vulnerability may be exploited by an XSS attack because the function openInternalVideoChatWindow is exposed in the Rocket.Chat-Desktop-API.

This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the yrange parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.3.0.

AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.

A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.

Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters. Zerobot, first documented by Fortinet FortiGuard Labs earlier this month,

# Overview For versions `<=8.5.1` of `jsonwebtoken` library, if a malicious actor has the ability to modify the key retrieval parameter (referring to the `secretOrPublicKey` argument from the [readme link](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback)) of the `jwt.verify()` function, they can gain remote code execution (RCE). # Am I affected? You are affected only if you allow untrusted entities to modify the key retrieval parameter of the `jwt.verify()` on a host that you control. # How do I fix it? Update to version 9.0.0 # Will the fix impact my users? The fix has no impact on end users. # Credits [Palo Alto Networks](https://www.paloaltonetworks.com/)

Eclipse Business Intelligence Reporting Tool versions 4.11.0 and below suffer from a bypass vulnerability that allows for remote code execution.