A use-after-free vulnerability was discovered in unserialize() with SplDoublyLinkedList object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.
7068d7798e322a46c2e69230045e711ecf86cbeed6a1aeb9c0bfd3cc11b7c949A use-after-free vulnerability was discovered in unserialize() with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions prior to 5.6.13.
78b8814f488debb34e76681ef84991ebba8a99b93c4858fce8dfddcbc8a3470bMultiple use-after-free vulnerabilities were discovered in session deserializer (php/php_binary/php_serialize) that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.
379922b40d47340abc8e7b18eb526b13f875829b3cc5a5eb48390af82be079ecWordPress eShop plugin version 6.3.13 suffers from a cross site scripting vulnerability.
e23cf2ca249e37beda9c5ac64979314f1328db60c63aca25bd874fdb5e7a32b6This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this account had broad sudo permissions, including to run the script /usr/local/bin/chrootpasswd (which changes the password for the Linux root account on the system to the value specified by console input once it is executed). The password for the proxy user account specified will *not* be changed by the use of this module, as long as the target system is vulnerable to the exploit. Very early versions of Endian Firewall (e.g. 1.1 RC5) require HTTP basic auth credentials as well to exploit this vulnerability. Use the USERNAME and PASSWORD advanced options to specify these values if required. Versions >= 3.0.0 still contain the vulnerable code, but it appears to never be executed due to a bug in the vulnerable CGI script which also prevents normal use (http://jira.endian.com/browse/UTM-1002). Versions 2.3.x and 2.4.0 are not vulnerable because of a similar bug (http://bugs.endian.com/print_bug_page.php?bug_id=3083). Tested successfully against the following versions of EFW Community: 1.1 RC5, 2.0, 2.1, 2.2, 2.5.1, 2.5.2. Should function against any version from 1.1 RC5 to 2.2.x, as well as 2.4.1 and 2.5.x.
93595333575588a0761fd710896979bd064097e42ff0603d14d9ecebcedd6cffFireEye appliances suffer from an arbitrary file disclosure vulnerability.
b08c801d04316817e1dd1d0ce1e4ef2deb1071508763d3d3c6729b45dee84968NETGEAR WMS5316 ProSafe 16AP Wireless Management System suffers from authentication bypass and privilege escalation vulnerabilities.
86cc59ece6d7740256a5f0acbd7fe46d2604e8275a7d58e19671e76ed8abe30cDebian Linux Security Advisory 3353-1 - Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service (crash).
7c92b056231ea09c230cb71e51a12433b1b2b6d79d97211dd0e0976f7ff7b105HooToo Tripmate HT-TM01 suffers from multiple cross site request forgery vulnerabilities.
5829fc86548ba014302ddd93ff445c798e2c46a9db2a94506942297d2824697eA use-after-free vulnerability was discovered in unserialize() with SplObjectStorage object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions prior to 5.6.13.
4fd5caf7c4dcacd754676a3cbc4212c2832b480514c1f218168a70d4dc9d6079Using Advantech WebAccess SCADA Software and attacker can remotely manage industrial control systems devices like RTU's, generators, motors, etc. Attackers can execute code remotely by passing a maliciously crafted string to ConvToSafeArray API in ASPVCOBJLib.AspDataDriven ActiveX.
675e8f8ab88e9c12215588d7fd0ea9ed4240581e811774c53a4d540b46b2fe91AutoCAD DWG/DXF to PDF Converter version 2.2 suffers from a buffer overflow vulnerability.
f81c62210b1b8a813c20a05f429363519ef706bff3abe4245f3d48df6f604534Multiple use-after-free vulnerabilities were discovered in unserialize() with Serializable class that can be abused for leaking arbitrary memory blocks or for executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.
77d34f5cfa55e4abcf2086a401126827fa0bf5ae4047ceeb353c35148cd1c48cGlibc pointer guarding weakness proof of concept code.
64411cf75336417b9d476a2bf486dd76842d1e2a6149f57b59c3900238a0867731 bytes small Linux/x86 execve(/bin/bash) shellcode.
173c71f69962fc12b9cfc727b360eac922f71f7737dcd388c690f9991132a1c7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed