ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with an improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller.
da48953d86e3e633d210a21a755ad55098b6f12fdc0866504b37f9828d654fc5This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and an unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise. This Metasploit module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.
0bc1add3ef020b8c6e70e1d2ec3bfd3d9c59d68531db58229710061c08ef8c2eGentoo Linux Security Advisory 202409-23 - A vulnerability has been found in ZNC which could result in remote code execution. Versions greater than or equal to 1.9.1 are affected.
5276eaec5d294b149dd777f15a54635b812994f30b09515c6729b4c0b8503229Gentoo Linux Security Advisory 202409-21 - Multiple vulnerabilities have been discovered in Hunspell, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.7.1 are affected.
ec0c79de8e52535ee9af2ba078d9138f5de736bb282e88eca2bc85799ba039aaRed Hat Security Advisory 2024-7003-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.
f5f3623ce18bfedef1df3b35b648def4e5367dabeb77d024bd2af317d581f432Red Hat Security Advisory 2024-7002-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, null pointer, and use-after-free vulnerabilities.
bcb30235b9540c6741f9560c01ee3d3305536ea741d3e392b5c83e04abb796e9Red Hat Security Advisory 2024-6907-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
70e01044b471297410d066c61014264d7aa8e71f06687db355eeebad21c7720bGentoo Linux Security Advisory 202409-19 - A vulnerability has been found in Emacs and org-mode which could result in arbitrary code execution. Versions greater than or equal to 26.3-r19:26 are affected.
9575a688eb9e213c626695cd2690c2252477d90aa854884afb0f3862b7c45461Gentoo Linux Security Advisory 202409-17 - Multiple vulnerabilities have been discovered in VLC, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.0.20 are affected.
ebb2bac7057a961878ccd319ba221e8792667cde32a65caba4fdf913bda602faGentoo Linux Security Advisory 202409-16 - Multiple vulnerabilities have been discovered in Slurm, the worst of which could result in privilege escalation or code execution. Versions less than or equal to 22.05.3 are affected.
ff2981e0c7957a84bb193ea5e001ca9c17d89f401368583d50099381b7412c6dGentoo Linux Security Advisory 202409-13 - Multiple vulnerabilities have been discovered in gst-plugins-good, the worst of which could lead to denial of service or arbitrary code execution. Versions greater than or equal to 1.20.3 are affected.
7bc85386edd9b978a19ae7e18d7b6e122bdd51c917e8a894f59215c2328567e5Gentoo Linux Security Advisory 202409-12 - Multiple vulnerabilities have been discovered in pypy and pypy3, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 7.3.3_p37_p1-r1 are affected.
67a72a29541dfe1a339c4c120bfd5675850548ab51544d12bd451de53da4c45dGentoo Linux Security Advisory 202409-9 - A vulnerability has been discovered in Exo, which can lead to arbitrary code execution. Versions greater than or equal to 4.17.2 are affected.
712d5b1aa7545c51fe1bef12d8c237d73ae50f03edf1af67b3c8ca6e08f91339Gentoo Linux Security Advisory 202409-7 - Multiple vulnerabilities have been discovered in Rust, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.71.1 are affected.
e5aa40d2adbb6aac1c253359c2433878f2e3e48f28339de699e1484a5cf832f9Gentoo Linux Security Advisory 202409-5 - A vulnerability has been discovered in PJSIP, which could lead to arbitrary code execution. Versions greater than or equal to 2.13.1 are affected.
5e38f072010ee285cf46682abfd102f781b53d058c1210e1b018a140dfd64745Gentoo Linux Security Advisory 202409-4 - Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution. Versions greater than or equal to 7.16.0 are affected.
63f9a3d6a5bff26d14c87b2fba8c59318ca8dc99843106c3a92e3298aa4faa3bGentoo Linux Security Advisory 202409-3 - Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 10.03.1 are affected.
3e3e8c548b3c2bb20ef348e922863417ea7d658a2f9eceb095fe3925ecf4d57dRed Hat Security Advisory 2024-6705-03 - Red Hat OpenShift Container Platform release 4.12.66 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
e1d594e7979e2685e06c54b467fdf7e8d166c6c158567155dab4ac4742114160Red Hat Security Advisory 2024-6685-03 - Red Hat OpenShift Container Platform release 4.15.33 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
36b1cbfc51faea3697205cc3a774b6465d137ac0c6766ce970d40b7bc9b473bfRed Hat Security Advisory 2024-6691-03 - Red Hat OpenShift Container Platform release 4.13.50 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
3f162820304a59765b631d7f9cf18e93c3e252dea0baf6c1817bc5036e63adadRed Hat Security Advisory 2024-6689-03 - Red Hat OpenShift Container Platform release 4.14.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
dfc8ec5fb40f616efd3385697be48d5f05fee7cc0ca00f9f30fe4ebe5051fff4Red Hat Security Advisory 2024-6687-03 - Red Hat OpenShift Container Platform release 4.16.13 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
67ea9795cef54f7df0103b989b24dd862154be5392ba7a2d09b4f537c7d1510eBackdoor.Win32.BlackAngel.13 malware suffers from a code execution vulnerability.
717e62131924ca1af11ac62c8dd44bd60d6cffaaf4066df556a537c3442d678eRed Hat Security Advisory 2024-6726-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.
8da1af33ccd27fdce30013232ee0f14bc2b96116f470eac2a05cf2734e08afbeProof of concept remote code execution exploit for Rejetto HTTP File Server (HFS) version 2.3m.
94abc34636ee9d2ee77ab7b6f4f07a3e5915b2c3ea027b41ba855261a1cd204a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed