CVE-2023-26145
https://notcve.org/view.php?id=CVE-2023-26145
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. **Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible) 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method) The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function. • https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfca https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021 https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-41444
https://notcve.org/view.php?id=CVE-2023-41444
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. Un problema en Binalyze IREC.sys v.3.11.0 y anteriores permite a un atacante local ejecutar código arbitrario y escalar privilegios a través de la función fun_1400084d0 en el controlador IREC.sys. • https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 https://gist.github.com/dru1d-foofus/1af21179f253879f101c3a8d4f718bf0 https://github.com/magicsword-io/LOLDrivers/blob/main/yaml/d74fdf19-b4b0-4ec2-9c29-4213b064138b.yml • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-38877
https://notcve.org/view.php?id=CVE-2023-38877
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords. Existe una vulnerabilidad de inyección de encabezado del host en Economizzer v.0.9-beta1 de gugoan y en el commit 3730880 (abril de 2023). Al enviar un encabezado de host especialmente manipulado en la solicitud de restablecimiento de contraseña, es posible enviar enlaces de restablecimiento de contraseña a los usuarios que, una vez que se hace clic en ellos, conducen a un servidor controlado por el atacante y, por lo tanto, filtran el token de restablecimiento de contraseña. • https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38877 https://github.com/gugoan/economizzer https://www.economizzer.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-41450
https://notcve.org/view.php?id=CVE-2023-41450
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. Un problema en phpkobo AjaxNewsTicker v.1.0.5 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado para el parámetro reque. • http://ajaxnewsticker.com http://phpkobo.com https://gist.github.com/RNPG/e11af10e1bd3606de8b568033d932589 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-43651 – Remote code execution on the host system via MongoDB shell in jumpserver
https://notcve.org/view.php?id=CVE-2023-43651
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-4r5x-x283-wm96 • CWE-94: Improper Control of Generation of Code ('Code Injection') •