While parsing test result XML files with the TestRail CLI, the presence of certain TestRail-specific fields can cause untrusted data to flow into an eval() statement, leading to arbitrary code execution. In order to exploit this, an attacker would need to be able to cause the TestRail CLI to parse a malicious XML file. Normally an attacker with this level of control would already have other avenues of gaining code execution.
23defc505c60d8487fbaa6cc446dcdfe879f30097f49592151de5e51f416f7ffGentoo Linux Security Advisory 202411-5 - Multiple vulnerabilities have been discovered in libgit2, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.7.2 are affected.
e36ba141a68d9eadb1c20bef1827ab09621c613c4c563ec80cbe3f0d52723bb6Gentoo Linux Security Advisory 202411-4 - A vulnerability has been discovered in EditorConfig Core C library, which may lead to arbitrary code execution. Versions greater than or equal to 0.12.6 are affected.
22e8d912ecfeb15108a828059979255588a6e09b263f2522d67ccdce1dfd0ef9IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.
bbe5e2c1ca7d3b42c24076cc8aa46544dec9bd260d2ef8b56f24a6ec52ecd952SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
d1c79ff390d1eddef9aea5b0debce0087e67faf0b8c82c4f6c4ee4fde8484a34This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.
ee57dce5428a24a7b498257e3bc5ee22dadff0bd6e92b4746a779384b38532cbRed Hat Security Advisory 2024-8496-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
2e425c73fd22f87e178fed171c1410ce871a8a2a0b4ed9caf27410d94cb49679Red Hat Security Advisory 2024-8492-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
ebc60e146c7b521a686c9d32d79776440020011ee7da884e4822bf6033759816Red Hat Security Advisory 2024-7939-03 - Red Hat OpenShift Container Platform release 4.13.52 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and out of bounds write vulnerabilities.
c59e77f4edbb825a109e2e969c9ebdcd961148f9a85f31c0392d630517067dc3Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability.
560ebed6d4ac441b5c221ab45725cf6200de08900c517d47576960db33ef2183Red Hat Security Advisory 2024-8235-03 - Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, and out of bounds write vulnerabilities.
0b3639946849ab34cb421cd50d9e3ea2ddc6781f2d02077f6fe54d249150146aThis repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible through the shellfs community extension, which can be installed and loaded by an attacker to facilitate command execution.
6c3c16d85296d769a797c9f8ac23b3a50fdbb1f53c416a6022ded19352c4bb10Ubuntu Security Notice 7079-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
6a7758c0aafb7862f063dd5f40ab40a50c428f0d89914869aa92bd6418d440efRed Hat Security Advisory 2024-8339-03 - Red Hat Integration Camel K 1.10.8 release and security update is now available. Issues addressed include code execution, deserialization, and server-side request forgery vulnerabilities.
965096d2e5525845c9826bb9eb221f79c8e9a4763c86809502e602643db2e6feRed Hat Security Advisory 2024-8014-03 - Network Observability 1.7 for Red Hat OpenShift. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
98af9b707c7bf6fe22d29e7c3bc78754e1ace6f0ff84bac13f16b35686a6520fThis Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP and glibc versions are also vulnerable). Versions affected include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.
f1b5cba01a5fd2ecef43b7a58280b21a88a3060e64cb2735247437f0ade78ff4Red Hat Security Advisory 2024-8180-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.
a503dd0b13781bc6d8bcd158d0961b8ba359a3483a14369639c8ffe4219c854aRed Hat Security Advisory 2024-8179-03 - An update for resource-agents is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.
7037a2c8dc93708506e607526d3a26bda088204eaac9ec31a5cb180902e56b6bRed Hat Security Advisory 2024-8173-03 - An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.
eb60172d5eea03022127c71c14128344d79699075230ea719cc0cf4ebe327558Red Hat Security Advisory 2024-8172-03 - An update for resource-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
63cbf050ce547d217959a067001a1ec162627ff9e273ce386455941b4122b5b5Red Hat Security Advisory 2024-8171-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.
5c26929c82190000b44c447e960cb4707b793ed1644e826677ff56e61061c9a0Red Hat Security Advisory 2024-8170-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
fcfb77e5a277fbb2055a02348267f1d02b8dadf7b1dd329dfaf9fcac979ce9baRed Hat Security Advisory 2024-8168-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.
e4045eaab559755c4daac1b5aa3bb37d1edb3797b654abf0436d0ead4997094bRed Hat Security Advisory 2024-7922-03 - Red Hat OpenShift Container Platform release 4.17.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, and remote SQL injection vulnerabilities.
ab5fbc85468735bb743e5a7ae24ea8ce92c6c3d94838ebb176a4b286a7625502Red Hat Security Advisory 2024-8093-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a code execution vulnerability.
30e45045b5cfb95a0a5f2c1c30020e92b0228ede233c78afac610bb44187341c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed