| Real Name | Jeremy Brown |
|---|---|
| Email address | private |
| Website | www.patchtuesday.org |
| First Active | 2008-07-15 |
| Last Active | 2021-08-04 |
Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use.
15cc4108a20bbd107a3861961401ba62Okta Access Gateway version 2020.5.5 suffers from multiple authenticated remote root command injection vulnerabilities.
117cdacc6c045a9f6239a8f7082bfc82Docker Dashboard suffers from a remote command execution vulnerability. The fix is added in commit 79cdc41.
4c29691af5fd9c2080f1f24e78725fe6HPE RDA-CAS version 1.23.826 remote denial of service exploit.
52393acabc0419fe8daf4eb578d8ab61Cisco Modeling Labs version 2.1.1-b19 remote command execution exploit.
a1d30ba3be5b867dccae401fb8872c58F5 BIG-IQ VE version 8.0.0-2923215 post-authentication remote root code execution exploit.
a11dfe5c02989bd70fe132ae0aa3fd92PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords provided. It is not meant to provide complete coverage for every external asset that belongs to a company as attackers usually do not have this detailed info or mapping either. One can use it to paint some sort of picture of what external attackers may be looking at, the changes occurring over time and insight for how to further harden the perimeter. The key idea being to provide valuable data to red teams as well as addition al monitoring capabilities for defenders.
15640e4fe41be31efdca68b52b77e376Zoom version 4.6.239.20200613 suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue patched per Zoom.
502538df7bfbda265c17c493f89179b7Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to login to Openpilot SSH servers with the default key.
b9e467ddb7a4cfc15deec4d13e92486aHPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.
75012bca2029a5ddfe8ad8255b3f5f1bCassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it and provide the web access, so they are also one thing that can be captured via the arbitrary file read. Version 0.5.0 is affected.
5d45ddf35f9f55300493bfefe8020924Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.
f6ac4d9b376df40c169c841245383a04estr2bc is a python script to convert arbitrary string input to Erlang bytecode.
095fa28eaa19faca6a6c82b238094580This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
7c4130c9c91b99ff51567ab20d19ea6eRemote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.
877a6bf3a116aaaf342e4d3eba5c9537Ajenti suffers from a remote command execution vulnerability.
132a31448e87adbe514497f20f8d446fWhale in a win32 attack surface toolkit written in C#. It's capable of monitoring many of different areas of the Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.
7c7cd88d5b54f9d2ccbe3d190ca4c39eMicrosoft Windows 10 x86/x64 build 10.0.14393 WLAN autoconfig named pipe denial of service proof of concept exploit.
d78a9bd236d6a1942ee373d12364f61fBlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by appliance's OS, web interface and sql server. Versions 4.5.1.35 and 4.5.1.96 are affected.
229e9c7351054e6f28651057eb3cffdaShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.
54c861884798451395aeaab5988a76c7Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.
e1ff72313a6273d9d6517fa2acc9504aLibmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during it's lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.
1df4218448d7ac2e97f07d47f005d627Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.
2a6158d11c1b40429f00b3cddeb09dafSeagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser and this exploit takes advantage of two bugs - Passwordless root login via FTP to retrieve archive_accounts.ser file which contains access tokens and reuses the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data.
7cd4d2e2bae235e1c45b77da702e1e5fComodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (eg. a Java VNC client).
9fc05c99e3ced7baa78fc5b8a35e8e13
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed