#AI #codeexecution mastodon, I'm looking for recommendations. I'm playing with #agents and would like them to run their own #sandboxed #code snippets.
What have you tried? What works? What doesn't?
🎉 Wow, an "Inline Evaluation Adventure" where you can execute code by using a magical combination of keys that sounds like a secret cheat code from a '90s video game. 🤹‍♀️ No run button? Bravo! Because who needs intuitive interfaces in 2025, right? 😂
https://rigsomelight.com/2025/03/12/inline-eval-adventure.html #InlineEvaluation #Adventure #SecretCheatCode #90sNostalgia #CodeExecution #IntuitiveInterfaces #HackerNews #ngated
How to gain code execution on hundreds of millions of people and popular apps — https://kibty.town/blog/todesktop/
#HackerNews #codeexecution #hacking #cybersecurity #appsecurity #exploit
PoC Exploit Released for TP-Link Code Execution Vulnerability(CVE-2024-54887)
https://gbhackers.com/poc-exploit-released-for-tp-link-code-execution-vulnerability/
#Infosec #Security #Cybersecurity #CeptBiro #PoCExploit #TPLink #CodeExecution #Vulnerability
There are many ways to distribute Python solutions, and this describes one method. Imagine you need to transfer a solution from a DEV to a PROD environment. It assumes a PROD setup from scratch. This HowTo includes #VersionManagement, #VirtualEnvironment Setup, #PackageManagement and #CodeExecution. #HowToDistributePythonSolutions
https://chribonn.medium.com/how-to-distribute-python-solutions-8f8a249900f6
Article outlines a method for distributing Python solutions. Steps include version management, #VirtualEnvironment Setup, #PackageManagement and #CodeExecution. #HowToDistributePythonSolutions
https://www.alanbonnici.com/2024/11/how-to-distribute-python-solutions.html
Nice article! Can't agree more on all of them and seen many of them in the wild:
📄 Default configurations of software and applications
⛔️ Improper separation of user/administrator privilege
🔎 Insufficient internal network monitoring
⚠️ Lack of network segmentation
🔄 Poor patch management
🔀 Bypass of system access controls
📱 Weak or misconfigured MFA methods
🎣 Lack of phishing-resistant MFA
🚫 Insufficient access control lists on network shares and services
🧼 Poor credential hygiene
👨🏼‍💻 Unrestricted Code Execution
#cybersecurity #NetworkAccessControl #patchmanagement #PrincipleOfLeastPriviledge #mfa #phishing #networksegmentation #networkmonitoring #hardening #codeexecution
Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges
https://gbhackers.com/thinkware-cloud-apk-vulnerability/
#Infosec #Security #Cybersecurity #CeptBiro #ThinkwareCloudAPK #Vulnerability #CodeExecution #ElevatedPrivileges
Perplexity AI is releasing its Pro Search function for intricate queries on Android Devices.
#PerplexityAI #ProSearch #AI #Android #TechInnovation #SearchEngine #CodeExecution #MathProblems #AdvancedSearch #AIonMobile #TechUpdates #Productivity #AIFeatures
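#CodeExecution (free and unlimited) is similar to ChatGPT's code interpreter (exclusive to paying users), though it is somewhat less capable: for example, it supports fewer libraries and cannot output charts. For calculations it is far more reliable than the model itself.
One more thing: #GoogleAIStudio has also added a #CodeExecution feature. It leaves a lot of room for imagination; there is hope for math problems.
> The #Gemini API code execution feature enables the model to generate and run #Python code and to learn iteratively from the results until it arrives at a final output. You can use this code execution feature to build applications that benefit from code-based reasoning and that produce text output. For example, you could use code execution in an application that solves equations or processes text.
> Code execution is available in both AI Studio and the Gemini API. In AI Studio, you can enable code execution under Advanced settings. The Gemini API provides code execution as a tool, similar to function calling. After you add code execution as a tool, the model decides when to use it.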
Okta Verify for Windows Auto-update Vulnerability Alert
Date: 2024-03-26
CVE: CVE-2024-0980
Sources: Trust.okta.com Advisory
Issue Summary
Okta Verify's auto-update service for Windows was found vulnerable due to two flaws. These vulnerabilities, when exploited together, could lead to arbitrary code execution on affected systems.
Technical Key Findings
The flaws pertain to improper limitation of a pathname to a restricted directory ("Path Traversal") and uncontrolled search path element ("DLL Hijacking"). Attackers could exploit these vulnerabilities to execute arbitrary code.
Vulnerable Products
Impact Assessment
If exploited, attackers could execute arbitrary code in the context of the application, potentially taking control of affected systems.
Patches or Workaround
Upgrade to Okta Verify for Windows version 4.10.7 or later to mitigate this vulnerability.
Tags
#CVE-2024-0980, #OktaVerify, #Windows, #SecurityPatch, #CodeExecution
For the most current information and updates on this issue, please refer to the official Okta security advisories page.
"🚨 Autodesk AutoCAD Vulnerabilities Exposed 🚨"
Autodesk's security advisory reveals critical vulnerabilities within AutoCAD products, impacting various versions with potential for arbitrary code execution. Highlighting CVEs such as CVE-2024-0446 through CVE-2024-23137, these flaws can be exploited through maliciously crafted files, posing significant risks to confidentiality, integrity, and availability. Mitigation includes avoiding the import feature and only importing files from trusted sources. Props to Mat Powell from Trend Micro Zero Day Initiative for uncovering these vulnerabilities. Stay vigilant and update accordingly! 🛡️💻
Tags: #CyberSecurity #Vulnerability #AutoCAD #CVE #Autodesk #CodeExecution #InfoSec #PatchManagement
"⚠️ FFmpeg Vulnerability Alert: CVE-2024-22860 🚨"
A critical vulnerability in FFmpeg before n6.1, identified as CVE-2024-22860, has been disclosed. This integer overflow issue allows remote attackers to execute arbitrary code through the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. With a CVSS v3 score of 9.8, it's marked as a severe risk. Notably, this vulnerability has been addressed in FFmpeg version n6.1.
🔗 For more details on this vulnerability, check Tenable's overview: CVE-2024-22860 - Tenable and Debian's security tracker: CVE-2024-22860 - Debian Security Tracker.
Tags: #CyberSecurity #Vulnerability #FFmpeg #CVE2024_22860 #InfoSec #CodeExecution #PatchNow 🛡️💻🔒
"🚨 Critical Zero-Day Patch Released by Apple - CVE-2024-23222 🚨"
Apple has urgently released updates for a range of its devices, including iPhones, Macs, and Apple TVs, to patch a critical zero-day flaw (CVE-2024-23222). This type confusion vulnerability, which can lead to arbitrary code execution when processing specially crafted web content, has been reportedly exploited in the wild. The patch addresses this issue with enhanced checks.
This zero-day bug is the first Apple has fixed in 2024, following their action on 20 zero-days last year. Updates are available for iOS 17.3 & iPadOS 17.3 (iPhone XS and later, various iPad models), macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, tvOS 17.3, and Safari 17.3.
Tags: #AppleSecurity #ZeroDay #CVE202423222 #CyberSecurity #PatchNow #TypeConfusion #CodeExecution #UpdateAlert 🍏💻🔒
Source: TheHackerNews
"Google's Silent Amendment: A Tale of a Critical WebP Vulnerability 🕷️"
Google has discreetly updated a prior disclosure concerning a critical code-execution vulnerability, initially underplayed as affecting only Chrome, but now revealed to impact thousands of apps and software frameworks. The culprit is the libwebp code library, created by Google for rendering WebP images, which is embedded in numerous apps, operating systems, and code libraries, notably the Electron framework. The vulnerability, initially tagged as CVE-2023-4863, was reclassified as CVE-2023-5129 with a severity rating escalated to a perfect 10. The flaw could allow attackers to execute malicious code merely by tricking users into viewing a corrupted WebP image. It's a stark reminder to ensure your apps, especially those running on Electron versions v22.3.24, v24.8.3, or v25.8.1, are updated to dodge this bullet. 🛡️
Source: Ars Technica by Dan Goodin. Follow him on Twitter.
Tags: #Google #WebPVulnerability #CVE20234863 #CVE20235129 #CyberSecurity #CodeExecution #ElectronFramework #SoftwareVulnerability #InfoSec
"#Win11Alert 🚨 - Windows 11 Vulnerability Allows Arbitrary Code Execution 💻"
A newly discovered vulnerability in Windows 11 can lead to arbitrary code execution due to factors like TOCTOU race conditions and malicious DLLs. Update and stay secure! 🖥️🔓
Source: [GBHackers On Security by Eswar](https://gbhackers.com/windows11-themes-vulnerability/)
Tags: #Windows11 #Vulnerability #CodeExecution #Cybersecurity #InfoSec 🖥️🔒
The findings were based on an incident response engagement conducted by CISA at an unnamed aeronautical sector organization from February to April 2023.
#CISA #exploits #cybersecurity #FBI #Fortinet #CodeExecution
CVE-2023-39265 is related to a bypass issue in URI connections to the SQLite database used for the metastore. This vulnerability enables attackers to execute data manipulation commands.
#cybersecurity #Apache #CodeExecution #SecurityBreach #RCEAttacks
https://cybersec84.wordpress.com/2023/09/08/apache-superset-servers-vulnerable-to-rce-attacks/
The identified vulnerabilities have a high severity rating of 9.8 out of 10 on the CVSS version 3.1 scale.
#cybersecurity #ASUS #Routers #CodeExecution #vulnerabilities