GFI Mail Archiver versions 15.1 and below Telerik UI component unauthenticated arbitrary file upload exploit.
0b1a0d410ba11ee018218bfcea858e6ee0a4a8bd1ea77bbc349ee71ceba0f198This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys used by RAU. The default values used by this module are related to CVE-2017-11317, which once patched randomizes these keys. It is also necessary to know the version of Telerik UI ASP.NET that is running. This version number is in the format YYYY.#(.###)? where YYYY is the year of the release (e.g. 2020.3.915).
2f6a8f760339d2c83d483651740d009b85c87d1a8e03ca388c1ef83409e65051The Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.
4aab62684a4cdf73f2ac375b58ade0ea344753c8d22b1fdf5f8a4e944c3eee54Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.
e033638c4387c53924eca9defee5afa2635afbe441c616a88fc88e39c7913e06Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.
dba01fd50ccc998756cc8244a767c12352f600e2ebd9dbbb32b2a494b95eb2dfDell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.
b3959182a01a1aa9519f51835810ba1223553cdd3266080ea2086fb66b9d35d5Dell EMC RecoverPoint versions prior to 5.1.2 and Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.1.1.3 suffer from command injection, LDAP password leak, and arbitrary file read vulnerabilities.
a32f56f16886245544fb248cad14e2e09e7d117b2031783004120f837bd910e0EMC RecoverPoint version 4.3 suffers from an administrative CLI command injectionv vulnerability.
e1c8dd80534dc37d7ecb229575ab8a053eb5443847a538b111495eea455104b4BMC BladeLogic RSCD Agent version 8.3.00.64 suffers from a windows users disclosure vulnerability.
5995833cc8f492dec87584458463636dea93dbe19e46cb2d7a645ff0909fa614BMC BladeLogic version 8.3.00.64 suffers from a remote command execution vulnerability.
96811628a219d1a2d4e997236cfb9d820c95744d7700660a86a9edcebd7d80a0Red-Gate SQL Monitor versions prior to 3.10 and 4.2 suffers from an authentication bypass vulnerability.
5e3f0df68ea641671280b1467e481962702b174de3dc96ca797c169e68c6861cNfSen version 1.3.7 and AlienVault OSSIM version 4.3.1 suffer from a customfmt command injection vulnerability.
6b2e5703fd89723e64a82ec4b72ba979239fa1d8e95511ce4df0a2e31d8f0b19NfSen version 1.3.7 and AlienVault USM/OSSIM version 5.3.4 suffer from a remote command injection vulnerability.
95d2698b9bc2ea6a348d98c0e7be5759acfc23cd3feb8a3ccd45bbe1ab8f1470NfSen versions 1.3.7 and below and AlienVault USM/OSSIM versions 5.3.6 and below suffer from a local privilege escalation vulnerability.
a8b33f56ffd726c88dbc984a9d7a8588f36a32cd8aedb73c518ecc1dead228c9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed