This Metasploit module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to allow us to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction, however it is not sufficient to prevent exploitation. You are required to login to the target to reach the vulnerability, however this can be done as a student account and remote registration is enabled by default. Just in case remote registration isn't enabled, this module uses 2 vulnerabilities in order to bypass the authentication.
785e70dc713dbe9859a24caed94df37a4548874034fcd9af2cb5fcfe2e29d3b8HP Security Bulletin HPSBGN03444 2 - Potential vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could allow remote code execution and disclosure of sensitive information. Revision 2 of this advisory.
8825a302f1a200b2f6239bd036841adc3188f5ef702fd54e39a2aeb0732b7666Debian Linux Security Advisory 3534-1 - Guido Vranken discovered several vulnerabilities in dhcpcd, a DHCP client, which may result in denial of service.
180e4ab5184446f56627604e2ffd71bdd1d2b5b45b77c3827eb4fd8571839142Ubuntu Security Notice 2943-1 - It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.
6cbac82f606750aa69956cb42539b0ebda39d70b7a7b4d1a637a32d433f9abafThere is a remote debugger stub listening by default on a new install of TrendMicro Antivirus that can be exploited to launch executables.
191c3b9d20b797c02c3aeb399b9f99fed1f18221adf47c360e14714b35343f0cDebian Linux Security Advisory 3533-1 - Kashyap Thimmaraju and Bhargava Shastry discovered a remotely triggerable buffer overflow vulnerability in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially, execution of arbitrary code.
559ae703847f6849bf11664afeaad36e97e981adfe2d76de0bc1963a704f8f22Manage Engine Desktop Central version 9.1.0 build 91099 suffers from a cross site scripting vulnerability.
f8ccfebb4e934635d94e79bd0f76926af384cafb4f57181e94a1a6e511b9d44eFireware XTM Web UI versions prior to 11.10.7 suffer from an open redirection vulnerability.
9cf0d50a76454efe4c350846c2758f2facd9d84fa66efc3f5409c80f01a2a26b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed