A user who creates a GCE VM with compute-rw privileges, who subsequently has that single VM compromised, can lead to a global compromise of all VMs inside of the account.
f32f108c6ebc06959686ee94ee49b69bBizagi BPM Suite suffers from cross site scripting and remote SQL injection vulnerabilities.
6f4252d73c9ad90dae95225a9022f126pam_fprintd local root proof of concept exploit that spawns a shell. pam_fprintd uses net.reactivated.Fprint service to trigger finger swiping and registers DBUS signal inside the PAM authentication function. Then, when the DBUS signal arrives, the signal argument is basically just checked to be the "verify-match" string; which however is expected to come from the legit net.reactivated.Fprint service. Since there is no message filter registered in either pam_fprintd, nor inside dbus-glib which it is using, such signals can be spoofed by anyone.
1786d9b3cee692d8370585417bc01109oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
1aaaa43e0dac2f1e71dc5364d5c46b61Google Compute Engine VMs suffer from multiple traffic-based denial of service vulnerabilities.
b861d62d563726bbdecf79b01b1b1a88Videos Tube version 1.0 suffers from remote SQL injection vulnerabilities.
ccb3a178d4e858d1ca8070b269c9f9e4oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
bcff9f9e01eecb7687f9395d02a05725Pixie CMS version 1.04 suffers from multiple POST cross site scripting vulnerabilities.
9b78558a09ae81ed7d384962b97ffafaThis Metasploit module exploits a remote command execution vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.2.0. The bug is found in the REST API, which requires no authentication or authorization, where the search function allows dynamic scripts execution, and can be used for remote attackers to execute arbitrary Java code. This Metasploit module has been tested successfully on ElasticSearch 1.1.1 on Ubuntu Server 12.04 and Windows XP SP3.
935d0eaea1b955a877d9b174038a6a06RedTeam Pentesting discovered an SQL injection vulnerability in the file browser component of webEdition CMS during a penetration test. Unauthenticated attackers can get read-only access on the SQL database used by webEdition and read for example password hashes used by administrative accounts. webEdition versions 6.3.8.0 svn6985 down to 6.3.3.0 is affected.
f869ef0dc2d236d1e4a5feaa1d142941RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test. If the installer script is not manually removed after installation, attackers cannot only reinstall webEdition, but also gain remote command execution. webEdition CMS version 2.8.0.0 is affected.
d0a8861e7ba29a4e2197e879c76789adA vulnerability in Windows DHCP was found on Windows OS versions ranging from Windows 2000 through to Windows server 2003. This vulnerability allows an attacker to remotely overwrite DNS, Gateway, IP Addresses, routing, WINS server, WPAD, and server configuration with no user interaction. Successful exploitation of this issue will result in a remote network configuration overwrite. Microsoft acknowledged the issue but has indicated no plans to publish a patch to resolve it.
535d32799e8d5c79bd314ee2a3a71e9bSharetronix version 3.3 suffers from cross site request forgery and remote SQL injection vulnerabilities.
39662671a2172e1d6cb0875e06d10f9aNICE Recording eXpress versions 6.0.x, 6.1.x, 6.2.x, 6.3.x, and 6.5.x suffer from cross site scripting, root backdoor, unauthenticated access, fail authorization, insecure cookie handling, and remote SQL injection vulnerabilities.
84c627abbbedce37f8fcc1d6c972b8f4Fiyo CMS version 1.5.7 suffers from a cross site scripting vulnerability.
cef86b73cd9a6056bc247e24da162cccTORQUE Resource Manager versions 2.5.x through 2.5.13 suffer from a stack buffer overflow vulnerability.
470b1d1a56ee44f68d79e62d8c5debbfCastor Library version 1.3.3-RC1 suffers from a file disclosure vulnerability via XXE injection.
ba85851f4d1f764fd0e6058721c2d966In limited circumstances it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs) and tag plugin configuration files. The injected XMl parser(s) could then bypass the limits imposed on XML external entities and/or have visibility of the XML files processed for other web applications deployed on the same Tomcat instance. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.5, Apache Tomcat 7.0.0 to 7.0.53, and Apache Tomcat 6.0.0 to 6.0.39.
5bf0de101075a8680add82c3a1818657The default servlet allows web applications to define (at multiple levels) an XSLT to be used to format a directory listing. When running under a security manager, the processing of these was not subject to the same constraints as the web application. This enabled a malicious web application to bypass the file access constraints imposed by the security manager via the use of external XML entities. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.3, Apache Tomcat 7.0.0 to 7.0.52, and Apache Tomcat 6.0.0 to 6.0.39.
6239c35f875e5fb748a963512ba6bf99XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.
ce12af00283eb90d9281956524250d6eThis Metasploit module injects a malicious udp packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0 to 1.6.15. The vulnerability exists in the capwap dissector which fails to handle an incomplete packet.
95b5a8eb1d95df0bcc04737288bcd492InterScan Messaging Security Virtual Appliance version 8.5.1.1516 suffers from a cross site scripting vulnerability.
4278ef2985d9212d5f17304df293d1a2WordPress DZS Video Gallery plugin suffers from cross site scripting and content spoofing vulnerabilities.
d9670acbbfc340e93f7cc89cb99b6f0bEasy File Sharing FTP Server version 3.5 suffers from a stack buffer overflow vulnerability.
28daba762d05b952e079a7f838afd7f8ProtonMail.ch suffers from cross site request forgery, header injection, and out of date software vulnerabilities. Note that this finding houses site-specific data.
3a3771bd65c50a7abe9a35a69d808576
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed