Two vulnerabilities discovered in Magento allowing remote code execution and local file read with low-privilege admin accounts: the first exploits path traversal in product design layout XML to execute arbitrary PHP code via custom product option file uploads, and the second leverages path traversal in email template CSS directives to read arbitrary files.
A path traversal vulnerability in GitHub Desktop's x-github-client:// URI scheme handler allowed arbitrary code execution on macOS by opening malicious application bundles from a cloned repository without user interaction or Gatekeeper validation. The vulnerability was patched in GitHub Desktop v1.3.4.
An unauthenticated remote code execution vulnerability in Dell KACE K1000 Systems Management Appliance (version 6.3.113397 and earlier) exists in the /service/krashrpt.php endpoint, which fails to properly sanitize the kuid and name parameters before passing them to shell commands, allowing arbitrary code execution on the appliance and potentially all managed client endpoints. The vulnerability was silently patched by Dell in version 6.4 SP3 (6.4.120822) under bug ID K1-18652.
Researchers discovered an SSRF vulnerability on Airbnb by chaining a third-party open redirect in LivePerson's chat integration, leveraging automated JavaScript endpoint discovery and LivePerson's visitorWantsToChat API parameter to redirect internal API requests to attacker-controlled URLs. Additionally, relative path traversal via encoded backslashes in the path parameter enabled access to non-API endpoints on the LivePerson domain.