N-Central Remote Support Manager version 14.2.7.171 suffers from code execution via file upload and arbitrary file read vulnerabilities. Proof of concepts included.
1f4e68e01c2f6dd21ce1ed63c7fc330ce2623bb0e78c7368413d32bd51910629When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. Affected includes F5 BIG-IP 11.x versions before 11.6.0, 11.5.1 HF3, 11.5.0 HF4, 11.4.1 HF, 11.4.0 HF7, 11.3.0 HF9, and 11.2.1 HF11, Enterprise Manager 3.x versions before 3.1.1 HF2.
f5a601d52bace71319785c4a4bfb38eecd8c7a083e7b2a88c883e44a078bdb89Aerohive Hive Manager (Stand-alone and Cloud) versions greater than and equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.
cda32b36ba6f19559448f8007c162ba158f4b31d35722a7b7f4a3f40b5f0e800The Accellion Secure File Transfer SFTP Satellite ships with SSH tunneling enabled. An authorized SFTP user can connect to the SFTP satellite and leverage the SSH tunneling functionality to attack localhost bound ports that are not intended to be exposed externally. By leveraging trust assumptions in the running Rsync daemon, sensitive files including the MySQL root password are retrievable. This password can be used when connecting to the MySQL database, also running on localhost, and the password hashes of all users configured on the server can be retrieved. Accellion released a software update to version FTA_9_8_70 on the 4th of December 2013 which disables SSH tunneling and prevents this issue being exploited.
68bc250d8823491080a18930f81edf603898e7a112a41ce582d30e72238a43bbThis Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.
3e11070aa3e56e32d0904d26cac7cacb888f2199f24e9d97a3ad562caf0a7096This Metasploit module exploits an arbitrary file upload vulnerability in DesktopCentral 8.0.0 below build 80293. A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution.
a58c7e48a0560ea998d7234b701c9f96d4b2b76ae74d19faf4f38e4420896922DesktopCentral versions prior to 80293 suffer from a remote shell upload vulnerability.
4aad22e43397ec7360050815be62145be5467cc3cc7f5dc670993b7a63712604Kaseya version 6.3 suffers from a remote shell upload vulnerability.
20dc6ed57c27f12c771790a0beb065620e6be1b55b63ed26a4bc41e7bec9b483
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed