This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.
99930294bef23f9b9d84c06aa2386d0ad63e5b162e9d0bb0cd32b041027c9f56Clickheat version 1.13 suffers from a remote command execution vulnerability.
300ce9838bd8a669889600e36ca5c0dafd090928c0e4b644dfa8cac24db9a8a8Untangle NGFW versions 9 through 11 suffer from a cross site scripting vulnerability that can allow for remote code execution as root. They also suffer from an information disclosure vulnerability. This is a follow up discussing additional attack vectors not previously disclosed in the prior advisory.
e86c9969d013c35f87d327a8f236b5f675e69ae24e898f23a4e957c0d77bf3adUntangle NGFW versions 9 through 11 suffer from a cross site scripting vulnerability that can allow for remote code execution as root.
a3cb12027a6ffc525cec30197ca2a8e07e4441321519f0aea96bf4b2ec12571a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed