An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, that allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. Note that the vendor disputes this for two reasons - the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).
8228457f02b7ab0fd7e392ec8e339789b9e311c048473f4d48761d9c915a58c0Unified Remote version 3.13.0 suffers from a remote code execution vulnerability.
fb6c987128457e20caf89804fff3405afbd5a7051e4fe6cef3b37fa054caf96cThis Metasploit module utilizes the Remote Control Server's protocol to deploy a payload and run it from the server. Remote Control Collection by Steppschuh version 3.1.1.12 was tested and affected at the time of the module writing.
8ec54480d8b7f9ded99d2b49657f9832dc3a324e3a72069c93377bd06f3766c0This Metasploit module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password (default). Tested against 4.110, current at the time of module writing.
c755856cc22f5c73769a789fca2bba93c17cf5a3be391dbe30fc988e69e8e0bcThe WiFi Mouse (Mouse Server) from Necta LLC contains an authentication bypass as the authentication is completely implemented entirely on the client side. By utilizing this vulnerability, is possible to open a program on the server (cmd.exe in our case) and type commands that will be executed as the user running WiFi Mouse (Mouse Server), resulting in remote code execution. Tested against versions 1.8.3.4 (current as of module writing) and 1.8.2.3.
a1eb49c803eef32a7d3986d02c20457c3afa4cb25fe942b90918d6d5bcceb6e6This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for exploitation, then reverted. If the web page is not accessible, exploitation will be tried blindly. This module has been successfully tested against version 3.11.0.2483 (50) on Windows 10.
6c2eb4ad5b1e41ad931f1a7eef24882ce7a6fe92ea15f97c143643b989a7e758WiFi Mouse version 1.7.8.5 suffers from a remote code execution vulnerability.
26ee57ad5e56c99a3851bf80a6fd10ad140b41167cd0ad64f51f6c14aa755468ASUS Remote Link version 1.1.2.13 suffers from a remote code execution vulnerability.
1a5ce5f0862db47d2e5496fc7bc55a8224b182341334fc196f04fe6b19a14c3bUnified Remote version 3.9.0.2463 suffers from a remote code execution vulnerability.
2b714b85c0360e22383d0e56c3e1e4fde06958f9dd60742fccaabf4d718bee20WordPress Simple File List plugin version 5.4 suffers from a remote shell upload vulnerability.
b6d82218d0df472d65a5d494c1d69fb41b45f32557c4cc264981441b60469b07
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed