Latest Security News about rce

The Argo Project is an open source provider of Kubernetes CI/CD workflows, facilitating Infrastructure as Code.

  Overview : In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. The Argo Project is an open source provider of Kubernetes CI/CD workflows, facilitating Infrastructure as Code. I Identified five security issues in Argo: one sensitive information [...]

Accentis Content Resource Management System suffer from a remote SQL injection vulnerability.

Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a remote SQL injection vulnerability. Affected Product(s) : Accentis Content Resource Management System Vulnerability Details : CVE ID : CVE-2015-3424 SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to […]

Accentis Content Resource Management System suffer from a cross site scripting vulnerability.

Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a cross site scripting vulnerability. Affected Product(s) : Accentis Content Resource Management System Vulnerability Details : CVE ID : CVE-2015-3425 Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to […]

Trend Micro Anti-Threat Toolkit (ATTK) RCE Vulnerability

Overview : Vulnerable versions of ATTK may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Affected Product(s) : Anti-Threat Toolkit (ATTK) 1.62.0.1218 and below Vulnerability Details : CVE ID : CVE-2019-9491 CVSS 3.0 Score(s): 7.5 – AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Solution : Exploiting these type of […]

FiberHome HG2201T Pre-Auth RCE

Overview : FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Affected Product(s) : FiberHome HG2201T Vulnerability Details : CVE ID : CVE-2019-17187 Incorrect Access Control/Directory Traversal /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Solution : Apply the vendor Security Patch