#rce

Proof of concept remote code execution exploit for Ivanti EPM versions prior to 2022 SU6 or the 2024 September update.

Proof of concept remote code execution exploit for GeoServer versions prior 2.23.6, 2.24.4, and 2.25.2.

Their findings highlight the frailty of some of the mechanisms for establishing trust on the Internet.

A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.

This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.

Ubuntu Security Notice 7002-1 - It was discovered that setuptools was vulnerable to remote code execution. An attacker could possibly use this issue to execute arbitrary code.

Red Hat Security Advisory 2024-6612-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-6611-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-6610-03 - An update for git is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: AADvance Trusted SIS Workstation Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing code within the context of a current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AADvance Trusted SIS Workstation, a manufacturing controller management suite, are affected: AADvance Trusted SIS Workstation: 2.00.01 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 A vulnerability exists which could allow remote threat actors to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability because the target must visit a malicious page or open a malicious file. The specific vulnerability exists in the analysis of 7Z files. The problem results from the lack of proper validation of ...