This Metasploit module exploits two vulnerabilities, a session ID directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to pivot to other parts of the network. This module works on firmware versions 1.0.03.24 and below.
8f357dca4573211d50b6f130d21f75a79dc9fb95c2a848b06f3a207e3819eb8eUbuntu Security Notice 5868-1 - Jakob Ackermann discovered that Django incorrectly handled certain file uploads. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
11a790e108af509c2a344551f20a1e04c908295aa88e7d1ada09f38e4bf64cc5Red Hat Security Advisory 2023-0752-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
af66df485ac2959fceb686eff1cf8754215695de74fe4b3124ea36fd1ce5c6e9Debian Linux Security Advisory 5347-1 - Bryan Gonzalez discovered that the PNG support in Imagemagick could be tricked into embedding the content of an arbitrary file when converting an image file.
175fd77c9755935caa5312662b16cbab3766492c621575380e03418054183b63Red Hat Security Advisory 2023-0742-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include a bypass vulnerability.
d99d91c8f51cbd2dc6058a00325b83debf6066c4e2ed657056d4bd1e3cfa188aUbuntu Security Notice 5864-1 - Frederic Cambus discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
f151138c147526e359fcd2cc198ff861b6290f5bcc97f6afcd130f27235fe545XNU has a race condition leading to use-after-free between the NFSSVC_NFSD command and an upcall worker thread.
558e5741f83f094c1d723a718badc745f6249cf15cef1cd4a50ca6eee80f69f8XWorm Trojan version 2.1 suffers from a denial of service condition due to a null pointer vulnerability.
218bd6226ffba65f996ca7ad7af99a05782d1270eea9553e6c70e53ec943a018
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed