ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password for root, 'inflection'.
6419b730a7ee3c530fa2f749d16fed9db9fdd5f7fd2e5f1924a1837f4f477dd1
Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is usually postgres. The execution should be platform-agnostic, and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python to execute system commands. As this dynamically loads a scripting language to execute commands, it is not necessary to drop a file on the filesystem. Only Postgres 8 and up are supported.
35a6a49124ad62dab21bd8ac5c63333438e1b0e3ebfa9c2ae8f568b3ec88f1c1
The GET_CONFIG and GET_PARAMETER calls on IOMX are vulnerable to an information disclosure of uninitialized heap memory. This could be used by an attacker to break ASLR in the media server process by reading out heap memory which contains useful address information.
5261311e4609875cedbf0b094d7a84ece67c7f5bb756289665b882bc2cd7d449
The IMemory interface in frameworks/native/libs/binder/IMemory.cpp, used primarily by the media services, can be tricked into returning arbitrary memory locations, leading to information disclosure or memory corruption.
b2733bc9c4f2368575e5664c639831ee56ed7c5575c89a4d6b41f8c514f1132a
Hikvision Digital Video Recorder versions LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, and DS-7204HVI-SH suffer from a cross site request forgery vulnerability.
15541a45ae5db01ad47759f2da7a02a07d53f8ded2f08a88de1f78dc24ee3d91
AccelSite Content Manager version 1.0 suffers from a remote SQL injection vulnerability.
5d7e2e0d2ddc9a4e5bcd0484ae80530e67506ee14b62c67305976d838ddd2d5f
Monsta Box WebFTP suffers from an arbitrary file read vulnerability.
17b16ca800abe893b240e9494d98637b640c281294456b8dcb365bb6eb74581f
Apple Intel HD 3000 graphics driver version 10.0.0 suffers from a local privilege escalation vulnerability.
3e5d2696bc6839ebf47fb06c0e42e065d3ee82398e3dd4e1241db80224bc448f
WordPress Multiple Meta Box plugin version 1.0 suffers from a remote SQL injection vulnerability.
d3af67c180a38ce1677e54de300a618d00bf7925dc2973a7656f9b4d33f23c4e
Perli version 2.6 suffers from filter bypass and script insertion vulnerabilities.
ae2c77195219e12e19701d2f72726b14661ff8c8b0e4ffcfa7f5263b6f6798ca
Eight Webcom CMS 2016 Q2 suffers from a remote SQL injection vulnerability.
4f9e67bdeab4bbf09fd9f28993a0ba86e6606a8be2b5c80d9764c0525b2ba810
MESS version 0.154-3.1 suffers from a buffer overflow vulnerability.
f2f21c0ad26b1b02471da31ead8ec55d6dc72edcedbf156fcdf8d074e1ef85f9
Quicksilver HQ VoHo Concept4E CMS version 1.0 suffers from multiple remote SQL injection vulnerabilities.
e57e7050e8bc228fc7f6f47f84c7274a56e997ed2a9cd2d299d8f2b0a7b33578
JPEGSnoop versions 1.7.3 and below suffer from a DLL hijacking vulnerability.
69e0cc0aa0898ecdb50d0df884869ab8b7030ffd6d25abeff6de62e891875908
SIDU version 5.3 database web GUI suffers from multiple cross site scripting vulnerabilities.
a73fc60d352182086b48da0627c41e251802f57716fa0c7840c2ecc1598056db
SIDU version 5.2 database web GUI suffers from multiple cross site scripting vulnerabilities.
17046758519e64f9aaf9c99b9bb039ed7340842e794d255e19fa81dd9e02a2bd
One change in Windows 8.1 from Windows 7 is the introduction of the console driver (condrv.sys), which is responsible for handling the management of consoles. It contains a method, CdpLaunchServerProcess, which creates an instance of conhost.exe. This method calls ZwCreateUserProcess, which means that the system call runs with kernel permissions. It also passes a flag (0x400) to the system call, which indicates that the new process should not be assigned to the parent job. This allows the conhost process to bypass the job restrictions.
aad99e2fb5be5770a2e80cebfa29ade4a75656ae77a4bc2610d6dca415437c02
Webligo SocialEngine version 4.8.9 suffers from a remote SQL injection vulnerability.
23d7b324c1f00d120d482272b68f715bc252d57f6a4a0e8541edcafd5c706d24
op5 has a cross site request forgery entry point that can be used to execute arbitrary remote commands on the op5 system, sent via HTTP GET requests, allowing attackers to completely take over the affected host. To be victimized, a user must be authenticated and visit a malicious webpage or click an infected link. Version 7.1.9 is affected.
a99ec5b8c98fbbd4d26e18a7ffeb77840fb048d7100904df54c1a9e24ecdd54f
Asbru Web Content Management System version 9.2.7 suffers from cross site request forgery, cross site scripting, open redirection, and directory traversal vulnerabilities.
a855a651720da4d549f9b5abc9c5497e9eafb205df8154d2cb842c4fccaf3b25
Apple iOS version 9.3.1 suffers from a Siri-related passcode bypass vulnerability.
4c2d625cde1a9e433b27469eab9f4af913c2d5ad1f92f9819ea9dcc34be5d796
Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding an arbitrary 'X-Forwarded-For' HTTP header to a request also makes the appliance prone to an XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
76576be8630c45295bbad88ae0ff962e2700d9f8ae39ccd8dac71c467da5f8b9
Pulse version 0.7.0 Final suffers from cross site request forgery and cross site scripting vulnerabilities.
ea8464956bfa6c42a33165b5b3aba39f84d4fac00ae1a4d00252f2abba47e365
MeshCMS version 3.6 suffers from a remote command execution vulnerability.
da04f5d5f4b1209e8faff39fb9ec4d95d49dbf0019c36962d2b9433ead3184ac
Quanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.
574a7a5333ba067e960ea26d54102349d8fe190084d3f24d869cdee6d409231f