FTGate 2009 SR3 May 13 2010 Build 6.4.000 suffers from multiple cross site scripting vulnerabilities.
99a355c0ad599328abceaf0fae609ea435adbf8015e3bff1bf74e184f3f138dbFTGate version 7 suffers from multiple cross site request forgery vulnerabilities.
fd79666db0bf16b4789a4b47b07c05cca8adffccf0476cac004649e4884f28ceThis Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.
a3160e35b949105dc779c6f1769beb11f955240e314addc241694dc44304af7dThis Metasploit module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
bba4847d938e70eaa639f5ffbd593428a114739a4c9d9e43f69cba60825e2b73This Metasploit module exploits unauthenticated simple web backdoor shells by leveraging the common backdoor shell's CMD parameter to execute commands. The SecLists project of Daniel Miessler and Jason Haddix has a lot of samples for these kind of backdoor shells which is categorized under Payloads.
96b4d85b82093a7747d2255737fa73cdfabac010e4e6a0f9042ac20b0cd78d73Ubuntu Security Notice 2760-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
de3aa6e0975c435774afaabe129529eb031c77093f69aba45a8407301df84c59Ubuntu Security Notice 2759-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
9d78cf9adfdb9b807b2e11fb63d2b4a4d51e2a604a147c8dffa40b63b82e8695Red Hat Security Advisory 2015-1855-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash.
c25e7045b536f19c343d2600ad2915983486d7c873edd073a86e8cdca2e369ebRed Hat Security Advisory 2015-1858-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash.
712e6d3176d4b8c7d8231b6c2b1bdc3883253130045828a63bb0aff667e368a3HP Security Bulletin HPSBPV03516 1 - A potential security vulnerability has been identified with the HP VAN SDN Controller running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of privileged information. Revision 1 of this advisory.
41cd8f970b7548eb328909f254534afe096b9c71850212470c70d52bff9245a8FTGate 2009 SR3 May 13 2010 Build 6.4.000 suffers from multiple denial of service vulnerabilities.
e6e80901955db70c66f85b1993add77b2f95a830c53fd9a14093f98da5087ebeThe Bosch Security Systems Dinion NBN-498 web interface suffers from an XML injection vulnerability.
a12d29591883d284d568f0ad1d6260eb088acdb48fe2604e353eb253983126e0PIXORD Vehicle 3G Wi-Fi Router suffers from OS command injection, information disclosure, and various other vulnerabilities.
03ad30f1f842d6ddf4697f5efd5ca3278bb8272bd2d539ab9c4945bec0b34bfaFTGate 2009 SR3 May 13 2010 Build 6.4.00 suffers from multiple cross site request forgery vulnerabilities.
6e925b84a783858a7d7e6b12219a361993b2ff36e6cac576b107f6ef30aea172This tool helps exploit race conditions on Windows filesystems.
8137e809133703f08cdb5ca2bd6d5f144e36bcc1c8b2078fe6f661dd28646725WinRAR settings import command execution proof of concept exploit.
dac679a571be8faa5e8774fd313bbbc45be49a86dc7067b4c95eb95ccfeabdeaVMware vCenter Server provides a centralized platform for managing your VMware vSphere environments so you can automate and deliver a virtual infrastructure. VMware vCenter was found to bind an unauthenticated JMX/RMI service to the network stack. An attacker with access can abuse the configuration to achieve remote code execution, providing SYSTEM level access to the server.
10390f727e34027dc5042e78df6a093644dcc4e778d7b8da10844696d32650b1Pygments FontManager._get_nix_font_path version 1.2.2-2.0.2 suffers from a shell injection vulnerability.
3397a1c355830a482e027b8cd95b6bf167ba0bb49d1180a4c3f8616aa279a2e4Telegram suffers from various vulnerabilities such as denial of service and time limit bypass.
1dc735240d34d31b30cc38d165446cf8c0d032383f52204d8ecec2fb7ef28f34
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed