This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with administrative privileges. The USERNAME datastore option can be used to authenticate with an existing account to prevent the creation of a new one. The deserialization flaw works by uploading a specially crafted report that when loaded will execute an OS command as NT AUTHORITY\SYSTEM. The module will automatically delete the created report but not the account because users are unable to delete themselves.
c8284cfa43ce5539a8a2a273491db985cf3ca1e11f9f79a70c88e33e5ddb8d98The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work against version 2.4.0 RC7 and 2.3m. The Rejetto HTTP File Server (HFS) version 2.x is no longer supported by the maintainers and no patch is available. Users are recommended to upgrade to newer supported versions.
29d14f6071280a078aaa483b26d55eb3225942a4f52062387eda88f7c815b725This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The module finally triggers the payload to execute arbitrary PHP code in the context of the user running the web server. Authentication is needed and the account must have access to the Import Packages feature. This is granted by setting the Import Templates permission in the Template Editor section.
f1f588ee0ed499b26894cbffe269abc74a129bb2bc296920c54da9fcdb577639Lost and Found Information System version 1.0 suffers from a reflective cross site scripting vulnerability.
075bae0f3073aeafd6f4cb516ed784fe8d11ba07aa216df25c0eb9c8235cf759Lost and Found Information System version 1.0 suffers from an unauthenticated blind boolean-based remote SQL injection vulnerability.
3796699636db1b0ff0332312ce70a691d39ad5fa4910b34b95ffd93614717ad6Lost and Found Information System version 1.0 suffers from an unauthenticated blind time-based remote SQL injection vulnerability.
7aedced0fdccf4a2850ec7db755dae9b61e52dc3f3c4359c11d7d251b16756f9Lost and Found Information System version 1.0 suffers from a persistent cross site scripting vulnerability.
df973d3074e051a08dcb9a9e07fa3df6582f74a0030c02786fb1aedfa590b1c4Debian Linux Security Advisory 5709-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.
c2910ec4cc30703a12d312a112edb843f49618f603c0a026191280e7dddfef3aUbuntu Security Notice 6829-1 - It was discovered that matio incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of service.
295eac0df78706085e8ed5f199d42733e1de8406d48003ab1b0a3ffc2478fd48Ubuntu Security Notice 6819-3 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.
0776ecd3ecb1bfa0399486a67208c24d784625998b8a8fcde961179d780df009Ubuntu Security Notice 6831-1 - It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
23e4ede8ceaec81814cdcf3c7e268f93d35ddcb8901d67e7269563744fed70e6Quick Cart version 6.7 suffers from a remote shell upload vulnerability provided you have administrative privileges.
581fe13cd639606102deead0404061d9994084c9c56f0a353d0df57a4db1eb44Quick CMS version 6.7 suffers from a remote shell upload vulnerability provided you have administrative privileges.
f6dded0695b1f07e13e0342870c5c1fa8e258bf6885d7aea79680ada675e04d6Red Hat Security Advisory 2024-3877-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
c512bc51a50ee0f621a46123e4d6ecbfc7d9085caac613fd1fd19ff923a1a83eRed Hat Security Advisory 2024-3875-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
de12c6fdfdefef4bf8cdbe69645dc2515b0295c90012fbea48439bc46bc27959Red Hat Security Advisory 2024-3700-03 - Red Hat OpenShift Container Platform release 4.14.29 is now available with updates to packages and images that fix several bugs and add enhancements.
9c7710231ddcf3008a21da24450722f8fdfd86ac77e266818a47d7263a4e6d07
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed