This Metasploit module exploits a command execution vulnerability in Pi-Hole versions 3.3 and below. When adding a new domain to the whitelist, it is possible to chain a command to the domain that is run on the OS.
cfc36a06914072c52416ddfd61eac6960d61e2221a60fe7ace44ef28f80b6a52This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. This Metasploit module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. The specified helper is executed by Network Manager as root when the connection is started. Network Manager VPNC versions prior to 1.2.6 are vulnerable. This Metasploit module has been tested successfully with VPNC versions: 1.2.4-4 on Debian 9.0.0 (x64); and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64).
07e3f24f0ba44622e12961448bb4ae2cacb1f01c983cf368bc94c3c2107fbe4aNetwork Manager VPNC version 1.2.4 suffers from a privilege escalation vulnerability.
07086aef8c32f905b63b3ac0bd56d5717e5df977d219eaf6d7809892f46da39fTwo vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.
df883ee3bce61fab76fb737953e569c776dce1d344a6385409a6926c2d6cf3efNfdump versions 1.6.14 and below suffer from heap overflows that allow for denial of service attacks.
754bf4505d758095cd48cfcbf41cf29dbc1850bd31bd11e5f86b0ac8519a93ddThis Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution. Although the vendor fixed Up.Time to prevent this vulnerability, it was not properly mitigated. To exploit against a newer version of Up.Time (such as 7.4), please use exploits/multi/http/uptime_file_upload_2.
3a747350c98cce69fa71e25b346c4de32b1a03a8ca5d876cf4c6dd0be8365fbcThis Metasploit module exploits a vulnerability found in Uptime version 7.4.0 and 7.5.0. The vulnerability began as a classic arbitrary file upload vulnerability in post2file.php, which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated by the vendor. Although the mitigation in place will prevent uptime_file_upload_1.rb from working, it can still be bypassed and gain privilege escalation, and allows the attacker to upload file again, and execute arbitrary commands.
e4c4f677632b91ee1052cfd06295ff58c8b4598033272f0dde8231ba8fb27720OpenLDAP versions 2.4.42 and below suffer from a remote denial of service vulnerability.
0c1bf0a1bcf96cdd744d44d9297e87b79b407bd844d5d254ee0ba7ef0957f829This document details a stack based buffer overflow vulnerability within TestDisk version 6.14. A buffer overflow is triggered within the software when a malicious disk image is attempted to be recovered. This may be leveraged by an attacker to crash TestDisk and gain control of program execution. An attacker would have to coerce the victim to run TestDisk against their malicious image.
7a37d596089ffb1fa811b151734f591791c8d53219a3fdd9ea5cf26e1b134cc6A use after free vulnerability was discovered within the header parser of the Open Litespeed web server. This vulnerability can be successfully exploited to trigger an out of bounds memory read, resulting in a segmentation fault crashing the web server. Versions 1.3.9 and below are affected.
ba696755f82d0a6c51a8e925464c14c179ecc0f068dad4c1169fb09cd1f7d894This advisory details a vulnerability found within Kaseya Browser Android application. A path traversal vulnerability was discovered within an exported content provider, resulting in the disclosure of arbitrary files, including internal application files.
cd0eed73304887bcbc11bac4f7dca27d8f196f11666aa9eebef47a9489785ca8This advisory details multiple vulnerabilities found within the Kaseya BYOD Gateway software. By chaining a combination of lacking SSL verification, poor authentication mechanisms and arbitrary redirection vulnerabilities, a malicious entity may potentially compromise any Kaseya BYOD installation. The Kaseya BYOD Gateway software uses a redirection feature, wherein users are redirected to their local Kaseya installation via Kaseya's hosted servers. The update request from the BYOD Gateway software to the Kaseya hosted servers was not found to verify SSL certificates and fails to implement any form of authentication, instead relying on the length of the gateway identifier to provide security. Thus, the security of the solution depends on an attacker's ability to enumerate the gateway identifier. Once a malicious user enumerates the Gateway identifier, then they may update the redirect rule for that customer in Kaseya's hosted servers, redirecting customers to a malicious Kaseya BYOD Gateway. Version 7.0.2 is affected.
84b242264d948879e1883fb40c965edd3e0f9240397d1c5870d701482625f9beMultiple direct object reference vulnerabilities were found within the AirWatch cloud console. VMWare advised that these issues also affect on-premise AirWatch deployments. A malicious AirWatch user may leverage several direct object references to gain access to information regarding other AirWatch customers using the AirWatch cloud. This includes viewing groups and downloading private APKs belonging to other organizations.
5468547ad7baa8b8e0d41f706bd7a80458d99dc96cd25a19ec2e1b6344263f4fFortinet FortiOS with firmware 5.0 build 4457 (GA Patch 7) suffers from a CAPWAP daemon DTLS denial of service vulnerability and man-in-the-middle vulnerability.
1d7eabcba5b448e1f50b41f696a137829a3448ee8819d84a471f0f1752e6f73cFortinet FortiClient suffers from broken SSL certificate validation and hardcoded encryption key vulnerabilities. This affects FortiClient iOS version 5.2.028 and FortiClient Android version 5.2.3.091.
89b742d1f97f2adee5b04d0eebd11f2dfb73e303bea379908618783f651c1060Fortinet FortiAuthenticator suffers from subshell bypass, cross site scripting, password disclosure, and file disclosure vulnerabilities.
2316f48a2a964f620060702d77fc255206e56d4b01b414a4518441e617b7964eCisco Meraki Systems Manager suffers from cross site request forgery, abuse of functionality, and cross site scripting vulnerabilities.
9c34baf2089dd34e016937a33e17e5155490db6c285d7340f4b9688fcc63d496Aerohive Hive Manager (Stand-alone and Cloud) versions greater than and equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.
cda32b36ba6f19559448f8007c162ba158f4b31d35722a7b7f4a3f40b5f0e800This whitepaper details the steps taken to unpack an application, locate the pinning handler, patch and repack. The techniques detailed in this whitepaper may also be used to achieve other goals when hacking Android applications.
b380448797b174e0ef5426b8ceaf08d03d726e7add0c4fa1576aecd5d4c6dc55Uptime Agent version 5.0.1 suffers from a stack overflow vulnerability. Proof of concept exploit included in this archive.
41b899e65489dca57409b920655c2a7e8ceaa50c5c528ba41a1b386ce5695a6c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed