This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS environment variable, allowing clobbering of arbitrary files, with the privileges of the setuid user. This module uploads a shared object and sprays symlinks to overwrite /etc/ld.so.preload in order to create a setuid root shell.
0e6f740ce9bc200d846f84b085e1b15b388b872a85100b6499f36331dcd60d30I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
65fe327fdd11272a764c9e1c6ae1f38b151cea9003216b861c7ff2b281ca2970Ghostscript has an issue with pseudo-operators that can lead to remote code execution. Version 9.26 is affected.
6f82dc2c71113403be2f8d208d1801454419d4178873a71ecf3e7231bb75fa9fCoppermine version 1.5.46 suffers from multiple cross site scripting vulnerabilities.
38b80db2c56e17ffeddbb0f779d6162b367b3d055203dc2936b95d756b85c455Abantecart version 1.2.12 suffers from a cross site scripting vulnerability.
9049506bf8cac7203cc836634a13bb52cc4e386f1736d2424ed25fee79a9ef91DNN version 9.1 suffers from a cross site scripting issue that can be achieved via an XML vulnerability.
524165c60ed031fcefc4fdd7b52e564af0f4bd3450ce057e38a1662da131284eMicrosoft Windows has a flaw where a contact file can be leveraged with a malicious mailto: link to achieve code execution.
e16184bb657aebad54ac521372498653ef4ce63d19c5b150334e57414d202fdcJoomla! Easy Shop component version 1.2.3 suffers from a local file inclusion vulnerability.
7ebc46eaa01b10e34e0867ed6c6f2432b67a99b6479b0eb3c8bff76a57807364Joomla! J-BusinessDirectory component version 4.9.7 suffers from a remote SQL injection vulnerability.
ece141f3f2e32a705932b56df62b4b0234b266a7330fc8e04d9aff44e0ea9060Joomla! VMap component version 1.9.6 suffers from a remote SQL injection vulnerability.
c525825038f94674d36b285c9d73c5f076fbda61bb214bcf20d362fb12c6de74Joomla! vBizz component version 1.0.7 suffers from a code execution vulnerability.
1b2b50d42b3ac2ded00024104a0b54e504c75ed6aabdcb25b5578d9a93412572Joomla! vBizz component version 1.0.7 suffers from a remote SQL injection vulnerability.
1f669e3aafb97e30887d32f750562f31c9d5a8b7b760d244dc9e0a2b43f45f71Nagios XI version 5.5.6 suffers from remote code execution and privilege escalation vulnerabilities.
24108dbb8c9c59ae34ce542303af31e1e4a7a64d3f72d47d85b85c06711c4a54Joomla! J-ClassifiedsManager component version 3.0.5 suffers from a remote SQL injection vulnerability.
02081fc738336962e9db2c49eab0a648edbfbc8b34944da49d441167fd6e9489Joomla! J-MultipleHotelReservation component version 6.0.7 suffers from a remote SQL injection vulnerability.
2fbae3a71241e85cb204b6ed16189ab45ad1868a7b4ceb564029b35979e38bbbJoomla! vReview component version 1.9.11 suffers from a remote SQL injection vulnerability.
62197c373e13a2ae6e10adc85159763a86cd18c52f703c309cc22e5d1e59d642Joomla! vAccount component version 2.0.2 suffers from a remote SQL injection vulnerability.
293a9418a9c1d355b3bc1cbfe464731a37ba3f6c93c0d71d2e9323413cf8aa68Joomla! vWishlist component version 1.0.1 suffers from a remote SQL injection vulnerability.
855e78f7977dd5af02a00f316f65ab4ee0d843e713ed2c74e50436578065c385Ubuntu Security Notice 3866-1 - Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.
39c2317129a0f2797b184193f238e6b3905f879dd65b2bd8f0ca13cd1b69f6c6Ubuntu Security Notice 3867-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
e34b43d0d03263ddfe392cfad50db5716adf819a0950971ca80c57c77b8e7f20Red Hat Security Advisory 2019-0148-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.
cf6f99e1d878aeca36d32384df37ac2dc42e37a931da9993dc7f86d945451493Ubuntu Security Notice 3707-2 - USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. Various other issues were also addressed.
491d58f999c7eea8810601c09831b240d9aedad6123ec22fdeec53a32edec41bSlackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
38a254b8bd2b84ac3da8078e193ce32a2e57e602cb9e073ebb4f6bbab8a36bbdApple Security Advisory 2019-1-22-3 - watchOS 5.1.3 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
f6b7c427628bb1eda79658a3347640a2c92fc5920ea88de3534d613cb984a5adApple Security Advisory 2019-1-22-2 - macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra are now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
07dfb353b9339db985c408e32871a075cb57f6f7bfc5edd7f63917f471a9b513
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed