ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller.
da48953d86e3e633d210a21a755ad55098b6f12fdc0866504b37f9828d654fc5
This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining a path traversal vulnerability with an unrestricted file upload vulnerability. By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise. This Metasploit module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.
0bc1add3ef020b8c6e70e1d2ec3bfd3d9c59d68531db58229710061c08ef8c2e
Gentoo Linux Security Advisory 202409-23 - A vulnerability has been found in ZNC which could result in remote code execution. Versions greater than or equal to 1.9.1 are affected.
5276eaec5d294b149dd777f15a54635b812994f30b09515c6729b4c0b8503229
Gentoo Linux Security Advisory 202409-21 - Multiple vulnerabilities have been discovered in Hunspell, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.7.1 are affected.
ec0c79de8e52535ee9af2ba078d9138f5de736bb282e88eca2bc85799ba039aa
Red Hat Security Advisory 2024-7003-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.
f5f3623ce18bfedef1df3b35b648def4e5367dabeb77d024bd2af317d581f432
Red Hat Security Advisory 2024-7002-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, null pointer, and use-after-free vulnerabilities.
bcb30235b9540c6741f9560c01ee3d3305536ea741d3e392b5c83e04abb796e9
Red Hat Security Advisory 2024-6907-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
70e01044b471297410d066c61014264d7aa8e71f06687db355eeebad21c7720b
Gentoo Linux Security Advisory 202409-19 - A vulnerability has been found in Emacs and org-mode which could result in arbitrary code execution. Versions greater than or equal to 26.3-r19:26 are affected.
9575a688eb9e213c626695cd2690c2252477d90aa854884afb0f3862b7c45461
Gentoo Linux Security Advisory 202409-17 - Multiple vulnerabilities have been discovered in VLC, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.0.20 are affected.
ebb2bac7057a961878ccd319ba221e8792667cde32a65caba4fdf913bda602fa
Gentoo Linux Security Advisory 202409-16 - Multiple vulnerabilities have been discovered in Slurm, the worst of which could result in privilege escalation or code execution. Versions less than or equal to 22.05.3 are affected.
ff2981e0c7957a84bb193ea5e001ca9c17d89f401368583d50099381b7412c6d
Gentoo Linux Security Advisory 202409-13 - Multiple vulnerabilities have been discovered in gst-plugins-good, the worst of which could lead to denial of service or arbitrary code execution. Versions greater than or equal to 1.20.3 are affected.
7bc85386edd9b978a19ae7e18d7b6e122bdd51c917e8a894f59215c2328567e5
Gentoo Linux Security Advisory 202409-12 - Multiple vulnerabilities have been discovered in pypy and pypy3, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 7.3.3_p37_p1-r1 are affected.
67a72a29541dfe1a339c4c120bfd5675850548ab51544d12bd451de53da4c45d
Gentoo Linux Security Advisory 202409-9 - A vulnerability has been discovered in Exo, which can lead to arbitrary code execution. Versions greater than or equal to 4.17.2 are affected.
712d5b1aa7545c51fe1bef12d8c237d73ae50f03edf1af67b3c8ca6e08f91339
Gentoo Linux Security Advisory 202409-7 - Multiple vulnerabilities have been discovered in Rust, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.71.1 are affected.
e5aa40d2adbb6aac1c253359c2433878f2e3e48f28339de699e1484a5cf832f9
Gentoo Linux Security Advisory 202409-5 - A vulnerability has been discovered in PJSIP, which could lead to arbitrary code execution. Versions greater than or equal to 2.13.1 are affected.
5e38f072010ee285cf46682abfd102f781b53d058c1210e1b018a140dfd64745
Gentoo Linux Security Advisory 202409-4 - Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution. Versions greater than or equal to 7.16.0 are affected.
63f9a3d6a5bff26d14c87b2fba8c59318ca8dc99843106c3a92e3298aa4faa3b
Gentoo Linux Security Advisory 202409-3 - Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 10.03.1 are affected.
3e3e8c548b3c2bb20ef348e922863417ea7d658a2f9eceb095fe3925ecf4d57d
Red Hat Security Advisory 2024-6705-03 - Red Hat OpenShift Container Platform release 4.12.66 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
e1d594e7979e2685e06c54b467fdf7e8d166c6c158567155dab4ac4742114160
Red Hat Security Advisory 2024-6685-03 - Red Hat OpenShift Container Platform release 4.15.33 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
36b1cbfc51faea3697205cc3a774b6465d137ac0c6766ce970d40b7bc9b473bf
Red Hat Security Advisory 2024-6691-03 - Red Hat OpenShift Container Platform release 4.13.50 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
3f162820304a59765b631d7f9cf18e93c3e252dea0baf6c1817bc5036e63adad
Red Hat Security Advisory 2024-6689-03 - Red Hat OpenShift Container Platform release 4.14.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
dfc8ec5fb40f616efd3385697be48d5f05fee7cc0ca00f9f30fe4ebe5051fff4
Red Hat Security Advisory 2024-6687-03 - Red Hat OpenShift Container Platform release 4.16.13 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and traversal vulnerabilities.
67ea9795cef54f7df0103b989b24dd862154be5392ba7a2d09b4f537c7d1510e
Backdoor.Win32.BlackAngel.13 malware suffers from a code execution vulnerability.
717e62131924ca1af11ac62c8dd44bd60d6cffaaf4066df556a537c3442d678e
Red Hat Security Advisory 2024-6726-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.
8da1af33ccd27fdce30013232ee0f14bc2b96116f470eac2a05cf2734e08afbe
Proof of concept remote code execution exploit for Rejetto HTTP File Server (HFS) version 2.3m.
94abc34636ee9d2ee77ab7b6f4f07a3e5915b2c3ea027b41ba855261a1cd204a