Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published.

A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges.

Neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains an XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed after commit 45bc09c.