MobaXterm Personal Edition version 10.2 suffers from an FTP remote file disclosure issue via a directory traversal vulnerability.
3ef071b88d048e1d6052c21289b32d7747d76ff50bd3df20848ab244a6cccf23This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise v9.5.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
46f09d2f260a4c795547b4cce19e1ae4b6b57750101f9224839a951a9912fc72PingID MFA suffers from a cross site scripting vulnerability.
57db2d857b67db2cb5f666a09adf045cea62b437c8e44e89fed65992fb15d053This Metasploit module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service (on port 23423 by default) exposes a REST API which which does not require authentication. The 'action' API endpoint does not sufficiently sanitize user-supplied data in the 'VIDEO' parameter of the 'checkStreamUrl' method. This parameter is used in a call to cmd.exe resulting in execution of arbitrary commands. This Metasploit module has been tested successfully on Serviio Media Server versions 1.4.0, 1.5.0, 1.6.0 and 1.8.0 on Windows 7.
ff2a44ff2877548d39a81f51946f0588cc16648df0f3bb46c2698ef963da2850This Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that overflow is well laid-out to overwrite an SMBv1 buffer. Actual RIP hijack is later completed in srvnet!SrvNetWskReceiveComplete. This exploit, like the original may not trigger 100% of the time, and should be run continuously until triggered. It seems like the pool will get hot streaks and need a cool down period before the shells rain in again.
fcd672e1db61c5667abd4ad7d59c77b0f8210801d49bddeb68652ed4c77084d2This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.
928eb6125df4b025be7b68270b411eb5dfb58e8b71a32b25b6ed380ce5e0f241This Metasploit module exploits a vulnerability found in BuilderEngine 3.5.0 via elFinder 2.0. The jquery-file-upload plugin can be abused to upload a malicious file, which would result in arbitrary remote code execution under the context of the web server.
5ba5bb643f31ecc62484733644b0696342aaba16644737ef5bd5784d1a739d0dAdobe Flash suffers from an out-of-bounds read vulnerability in getting TextField width.
9df26844062fc2ace52e85740d4fa13061df58424c3ec92399e04d0ada74a245Adobe Flash suffers from a heap corruption vulnerability in the margin handling.
19f24cf279fd2e72d032220c5d8428c8270508c3c25f9006996eac40ba0cc4adAdobe Flash suffers from an out-of-bounds read in AVC deblocking.
750594de5f9554b1eb4832b7745301c0ab665475c1dbefff2c225998feca6426Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5 SP2 suffers from faulty access controls, stored cross site scripting, and information disclosure vulnerabilities
637d47762288a065abb2a7389848251703d887b374e4c7cdadcc2d3c44a2c27aSophos Web Appliance version 4.3.1.1 suffers from a session fixation vulnerability.
50104c16e61bf331cca13385710e48feaf4c03fa10d141d75f89fe85b2673a48LabF nfsAxe ftp client version 3.7 suffers from a buffer overflow vulnerability.
21172dda65256d99b65a588422dfc1ba3443d59700c3ea4bf4852e4d14c2b0edMozilla Firefox versions 50 through 55 suffer from a stack overflow denial of service vulnerability.
496d3fe6b582ccad08cca37270b28de1e1f2b55543965b032b3071d9d8886eadWordPress EELV Newsletter plugin version 4.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
ed9b4741ae9c7e9e168aa3084dcca418fd46cf5c966e1c17db39872a293fafb0MikroTik RouterBoard version 6.38.5 suffers from a denial of service vulnerability.
4001fd282fffed16b5ad785b1d53ac73fab845e9ac37ffcfc5b516d70d7d657eMobaXtrem version 10.2 telnet server remote code execution exploit.
fe06162616281f95456b2b71ae5d1c133b8fb681e9885e25401031ef5bf9ee49NextCloud and OwnCloud suffer from a cross site scripting vulnerability in their error pages. OwnCloud versions 9.1.5 and below are affected. NextCloud versions prior to 11.0.3, 10.0.5, and 9.0.58 are affected.
65879de6c3bc16a06a84fa76fc56c4fec014ee26d19bb377b0cde628a8e097a2Microsoft Windows suffers from a stack memory disclosure vulnerability in win32k!xxxClientLpkDrawTextEx.
58a16953958dd050621e1702b09e1edc735d52fbfcdb7a31a10af1e565faf705The handler of the nt!NtTraceControl system call (specifically the EtwpSetProviderTraitsUm functionality, opcode 0x1E) discloses portions of uninitialized pool memory to user-mode clients on Microsoft Windows 10 systems.
e4b83ed0279f0bf7126f660bff80c3238477bad783d8653366676ce865e7a606Microsoft Windows kernel suffers from an uninitialized memory issue in the default DACL descriptor of system processes token.
339b484718a60bc84bf91af536895aefacc2adfe2b2c1224af92554d1cd7c623Two related bugs have been discovered in the Microsoft Windows kernel code responsible for implementing the bind() socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint routines. They both can lead to reading beyond the allocated pool-based buffer memory area, potentially allowing user-mode applications to disclose kernel-mode secrets. They can also be exploited to trigger a blue screen of death and therefore a denial of service condition.
9b41916531e305ccf017e5064b5a3412788fbaa21187262224130f6886d5a773PlaySms version 1.4 suffers from a remote code execution vulnerability.
9878587e8dfdd2451061b778be33b8def9e7dcb8aa71d1ad6556d9627a73ab36Admidio version 3.2.8 suffers from a cross site request forgery vulnerability.
bccda097848e48286eb8e4b8526e4364a507cf370a29636b624eed0ff0fa4399INFOR EAM version 11.0 build 201410 suffers from a remote SQL injection vulnerability.
71fef17ecd1c6e2d315557a38a116f6cf61ae651c4a2c30fb6f539d179fe0115
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed