A server-side include in Microsoft SharePoint via CreateChildControls in DataFormWebPart class allows an authenticated user to leak the web.config file and forge a malicious ViewState with the extracted validation key.



The user credentials requires user with page creation privileges, a standard permission.

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.

A directory traversal vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI) allows unauthenticated attackers to run remote code on the underlying operating system as root.

The administrative console in Pydio Cells allows a user with administrator role to set the path for the sendmail binary executable, when the "sendmail" option is selected in the mailer configuration.

Due to lack of sanitization in the given parameter, an administrator user can set the path to an arbitrary binary.

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.

The target parameter in events.php in Pandora FMS 7.0NG 742, 743 and 744 allows remote authenticated users to execute arbitrary OS commands.

.NET deserialization vulnerability in the Microsoft Exchange Control Panel web page allows authenticated attackers to execute OS commands with SYSTEM privileges.

The lack of randomization in the validationKey and decryptionKey values at installation allows an attacker to create a crafted viewstate to execute OS commands via .NET deserialization.



This update adds payload generation error detection and dependencies documentation.

The sub_resource_create function of class M_devices in m_devices.php of Open-AudIT 3.2.2 allows remote authenticated users to upload arbitrary PHP files, allowing the execution of arbitrary php code in the system.

The Kinetica Admin web application did not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system.