ZDI-23-1595: Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability | allinfosecnews.com

Nov. 14, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-44437.

arbitrary code attackers cobalt code code execution cves cvss exploit file malicious page path rating remote code remote code execution search target vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-23-1752: Delta Electronics InfraSuite Device Master UploadMedia Directory Traversal Remote Code Execution Vulnerability 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +17

ZDI-23-1756: Delta Electronics InfraSuite Device Master PlayWaveFile Directory Traversal Information Disclosure Vulnerability 18 hours ago | www.zerodayinitiative.com

attackers authentication cve cves +18

ZDI-23-1754: Delta Electronics InfraSuite Device Master Device-DataCollect Deserialization of Untrusted Data Remote Code Execution Vulnerability 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +18

ZDI-23-1753: Delta Electronics InfraSuite Device Master Device-Gateway Deserialization of Untrusted Data Remote Code Execution Vulnerability 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +19

ZDI-23-1755: Delta Electronics InfraSuite Device Master RunScript Exposed Dangerous Method Remote Code Execution Vulnerability 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +16

ZDI-23-1733: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code … 3 days, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers buffer buffer overflow +18

ZDI-23-1734: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code … 3 days, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers buffer buffer overflow +18

ZDI-23-1732: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code … 3 days, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers buffer buffer overflow +18

ZDI-23-1729: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Out-Of-Bounds Write Remote Code Execution … 3 days, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

Senior Vice President, Cybersecurity and Runtime Operations

@ 2U | US-MD-Lanham//US-Remote

View on infosec-jobs.com

Dreadnought Product Security Lead - Submarines

@ Rolls-Royce | Derby - Jubilee House (UK-JH)

View on infosec-jobs.com

Senior Product Security Engineer

@ Narvar | Hybrid - Bengaluru

View on infosec-jobs.com

Managing Consultant - Advisors Business Development

@ Mastercard | Mumbai, India

View on infosec-jobs.com

Principal Security Engineer

@ Highspot | Vancouver, BC

View on infosec-jobs.com

Incident Response Specialist

@ Wabtec | Bengaluru - KA - IND (ITC Greens)

View on infosec-jobs.com