ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password for root, 'inflection'.
6419b730a7ee3c530fa2f749d16fed9db9fdd5f7fd2e5f1924a1837f4f477dd1Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is usually postgres. The execution should be platform-agnostic, and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python to execute system commands. As this dynamically loads a scripting language to execute commands, it is not necessary to drop a file on the filesystem. Only Postgres 8 and up are supported.
35a6a49124ad62dab21bd8ac5c63333438e1b0e3ebfa9c2ae8f568b3ec88f1c1The GET_CONFIG and GET_PARAMETER calls on IOMX are vulnerable to an information disclosure of uninitialized heap memory. This could be used by an attacker to break ASLR in the media server process by reading out heap memory which contains useful address information.
5261311e4609875cedbf0b094d7a84ece67c7f5bb756289665b882bc2cd7d449The IMemory interface in frameworks/native/libs/binder/IMemory.cpp, used primarily by the media services can be tricked to return arbitrary memory locations leading to information disclosure or memory corruption.
b2733bc9c4f2368575e5664c639831ee56ed7c5575c89a4d6b41f8c514f1132aHikvision Digital Video Recorder versions LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, and DS-7204HVI-SH suffer from a cross site request forgery vulnerability.
15541a45ae5db01ad47759f2da7a02a07d53f8ded2f08a88de1f78dc24ee3d91AccelSite Content Manager version 1.0 suffers from a remote SQL injection vulnerability.
5d7e2e0d2ddc9a4e5bcd0484ae80530e67506ee14b62c67305976d838ddd2d5fMonsta Box WebFTP suffers from an arbitrary file read vulnerability.
17b16ca800abe893b240e9494d98637b640c281294456b8dcb365bb6eb74581fApple Intel HD 3000 graphics driver version 10.0.0 suffers from a local privilege escalation vulnerability.
3e5d2696bc6839ebf47fb06c0e42e065d3ee82398e3dd4e1241db80224bc448fWordPress Multiple Meta Box plugin version 1.0 suffers from a remote SQL injection vulnerability.
d3af67c180a38ce1677e54de300a618d00bf7925dc2973a7656f9b4d33f23c4ePerli version 2.6 suffers from filter bypass and script insertion vulnerabilities.
ae2c77195219e12e19701d2f72726b14661ff8c8b0e4ffcfa7f5263b6f6798caEight Webcom CMS 2016 Q2 suffers from a remote SQL injection vulnerability.
4f9e67bdeab4bbf09fd9f28993a0ba86e6606a8be2b5c80d9764c0525b2ba810MESS version 0.154-3.1 suffers from a buffer overflow vulnerability.
f2f21c0ad26b1b02471da31ead8ec55d6dc72edcedbf156fcdf8d074e1ef85f9Quicksilver HQ VoHo Concept4E CMS version 1.0 suffers from multiple remote SQL injection vulnerabilities.
e57e7050e8bc228fc7f6f47f84c7274a56e997ed2a9cd2d299d8f2b0a7b33578JPEGSnoop versions 1.7.3 and below suffer from a dll hijacking vulnerability.
69e0cc0aa0898ecdb50d0df884869ab8b7030ffd6d25abeff6de62e891875908SIDU version 5.3 database web gui suffers from multiple cross site scripting vulnerabilities.
a73fc60d352182086b48da0627c41e251802f57716fa0c7840c2ecc1598056dbSIDU version 5.2 database web gui suffers from multiple cross site scripting vulnerabilities.
17046758519e64f9aaf9c99b9bb039ed7340842e794d255e19fa81dd9e02a2bdOne change in Windows 8.1 from Windows 7 is the introduction of the console driver (condrv.sys) which is responsible for handling the management of consoles. It contains a method, CdpLaunchServerProcess which creates an instance of conhost.exe. This method calls ZwCreateUserProcess which means that the system call runs with kernel permissions, it also passes a flag (0x400) to the system call which indicates that the new process should not be assigned to the parent job. This allows for the conhost process to bypass the job restrictions.
aad99e2fb5be5770a2e80cebfa29ade4a75656ae77a4bc2610d6dca415437c02Webligo SocialEngine version 4.8.9 suffers from a remote SQL injection vulnerability.
23d7b324c1f00d120d482272b68f715bc252d57f6a4a0e8541edcafd5c706d24op5 has a cross site request forgery entry point that can be used to execute arbitrary remote commands on op5 system sent via HTTP GET requests, allowing attackers to completely takeover the affected host. To be victimized a user must be authenticated and visit a malicious webpage or click an infected link. Version 7.1.9 is affected.
a99ec5b8c98fbbd4d26e18a7ffeb77840fb048d7100904df54c1a9e24ecdd54fAsbru Web Content Management System version 9.2.7 suffers from cross site request forgery, cross site scripting, open redirection, and directory traversal vulnerabilities.
a855a651720da4d549f9b5abc9c5497e9eafb205df8154d2cb842c4fccaf3b25Apple iOS version 9.3.1 suffers from a Siri-related passcode bypass vulnerability.
4c2d625cde1a9e433b27469eab9f4af913c2d5ad1f92f9819ea9dcc34be5d796Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding arbitrary 'X-Forwarded-For' HTTP header to a request makes the appliance also prone to a XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
76576be8630c45295bbad88ae0ff962e2700d9f8ae39ccd8dac71c467da5f8b9Pulse version 0.7.0 Final suffers from cross site request forgery and cross site scripting vulnerabilities.
ea8464956bfa6c42a33165b5b3aba39f84d4fac00ae1a4d00252f2abba47e365MeshCMS version 3.6 suffers from a remote command execution vulnerability.
da04f5d5f4b1209e8faff39fb9ec4d95d49dbf0019c36962d2b9433ead3184acQuanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.
574a7a5333ba067e960ea26d54102349d8fe190084d3f24d869cdee6d409231f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed