FTGate 2009 SR3 May 13 2010 Build 6.4.000 suffers from multiple cross site scripting vulnerabilities.
99a355c0ad599328abceaf0fae609ea435adbf8015e3bff1bf74e184f3f138db
FTGate version 7 suffers from multiple cross site request forgery vulnerabilities.
fd79666db0bf16b4789a4b47b07c05cca8adffccf0476cac004649e4884f28ce
This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.
a3160e35b949105dc779c6f1769beb11f955240e314addc241694dc44304af7d
This Metasploit module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
bba4847d938e70eaa639f5ffbd593428a114739a4c9d9e43f69cba60825e2b73
This Metasploit module exploits unauthenticated simple web backdoor shells by leveraging the common backdoor shell's CMD parameter to execute commands. The SecLists project of Daniel Miessler and Jason Haddix has a lot of samples for these kind of backdoor shells which is categorized under Payloads.
96b4d85b82093a7747d2255737fa73cdfabac010e4e6a0f9042ac20b0cd78d73
Ubuntu Security Notice 2760-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
de3aa6e0975c435774afaabe129529eb031c77093f69aba45a8407301df84c59
Ubuntu Security Notice 2759-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
9d78cf9adfdb9b807b2e11fb63d2b4a4d51e2a604a147c8dffa40b63b82e8695
Red Hat Security Advisory 2015-1855-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash.
c25e7045b536f19c343d2600ad2915983486d7c873edd073a86e8cdca2e369eb
Red Hat Security Advisory 2015-1858-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash.
712e6d3176d4b8c7d8231b6c2b1bdc3883253130045828a63bb0aff667e368a3
HP Security Bulletin HPSBPV03516 1 - A potential security vulnerability has been identified with the HP VAN SDN Controller running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of privileged information. Revision 1 of this advisory.
41cd8f970b7548eb328909f254534afe096b9c71850212470c70d52bff9245a8
FTGate 2009 SR3 May 13 2010 Build 6.4.000 suffers from multiple denial of service vulnerabilities.
e6e80901955db70c66f85b1993add77b2f95a830c53fd9a14093f98da5087ebe
The Bosch Security Systems Dinion NBN-498 web interface suffers from an XML injection vulnerability.
a12d29591883d284d568f0ad1d6260eb088acdb48fe2604e353eb253983126e0
PIXORD Vehicle 3G Wi-Fi Router suffers from OS command injection, information disclosure, and various other vulnerabilities.
03ad30f1f842d6ddf4697f5efd5ca3278bb8272bd2d539ab9c4945bec0b34bfa
FTGate 2009 SR3 May 13 2010 Build 6.4.00 suffers from multiple cross site request forgery vulnerabilities.
6e925b84a783858a7d7e6b12219a361993b2ff36e6cac576b107f6ef30aea172
This tool helps exploit race conditions on Windows filesystems.
8137e809133703f08cdb5ca2bd6d5f144e36bcc1c8b2078fe6f661dd28646725
WinRAR settings import command execution proof of concept exploit.
dac679a571be8faa5e8774fd313bbbc45be49a86dc7067b4c95eb95ccfeabdea
VMware vCenter Server provides a centralized platform for managing your VMware vSphere environments so you can automate and deliver a virtual infrastructure. VMware vCenter was found to bind an unauthenticated JMX/RMI service to the network stack. An attacker with access can abuse the configuration to achieve remote code execution, providing SYSTEM level access to the server.
10390f727e34027dc5042e78df6a093644dcc4e778d7b8da10844696d32650b1
Pygments FontManager._get_nix_font_path version 1.2.2-2.0.2 suffers from a shell injection vulnerability.
3397a1c355830a482e027b8cd95b6bf167ba0bb49d1180a4c3f8616aa279a2e4
Telegram suffers from various vulnerabilities such as denial of service and time limit bypass.
1dc735240d34d31b30cc38d165446cf8c0d032383f52204d8ecec2fb7ef28f34