#rce

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.

More than $300,000 was handed out in GCP prize money during 2021

Proof of concept script that exploits the remote code execution vulnerability affecting Atlassian Confluence versions 7.18 and below. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. All supported versions of Confluence Server and Data Center are affected. Confluence Server and Data Center versions after 1.3.0 and below 7.18.1 are affected. The vulnerability has a CVSS score of 10 out of 10 for criticality.

Confluence suffers from a pre-authentication remote code execution vulnerability that is leveraged via OGNL injection. All 7.4.17 versions before 7.18.1 are affected.

Red Hat Security Advisory 2022-4919-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.

Red Hat Security Advisory 2022-4918-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.

Red Hat Security Advisory 2022-4922-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.

Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE) vulnerability via the Update Check function.