Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a java deserialization vulnerability.
f915b7c8e1490be3b5efefa54a6482a71e7b49a70921a15a16cb111dcf215ee6This Metasploit module exploits a vulnerability in the Bomgar Remote Support, which deserializes user provided data using PHP's unserialize method. By providing an specially crafted PHP serialized object, it is possible to write arbitrary data to arbitrary files. This effectively allows the execution of arbitrary PHP code in the context of the Bomgar Remote Support system user. To exploit the vulnerability, a valid Logging Session ID (LSID) is required. It consists of four key-value pairs (i. e., 'h=[...];l=[...];m=[...];t=[...]') and can be retrieved by an unauthenticated user at the end of the process of submitting a new issue via the 'Issue Submission' form. Versions before 15.1.1 are reported to be vulnerable.
698e0392eb6fd3200601379e4e3d239ebb1d4c3143e7663f8154566abf6dec9cCisco Security Advisory - A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
358e6cae4e6366a6f3ead0caa340bb5b6b44ff1423e6801085dae36564a1b3b2jbFileManager suffers from a path traversal vulnerability.
a79015bbb00e588181d9b153f7cac50d3cf3b638872d17a01e594029c4e6e0e5FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session named "ALBATROSS" with the value "0-4-11".
ba7a5b7f1fb1761939ce81f563c29620f9f70fcbfab7ade4b67161271701849eAdobeUpdateService version 3.6.0.248 suffers from an unquoted service path privilege escalation vulnerability.
9c5f6e95b25c9460938aae0eed413db7e1da761bfa9b90122a4b4b6bfbc73e94DDN controllers ship with a set of static entries within the authorized_keys file of several of the user accounts. The corresponding private keys can be obtained from publicly available sources.
470b91b64442d28eebb33a4f527381613c2b67ad4b238cb3ab10d5b46ca3f8e7BookingWizz versions prior to 5.5 suffer from having default administrative credentials, local file inclusion, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
ac3224164fc281f5e02e53dfd05ba5f33417eddad677f722aad191b3626730a1VMware Security Advisory 2016-0009 - VMware vCenter Server updates address an important reflective cross-site scripting issue.
812f5a6cf20427ee2f1f7b8d87d372758a2c33718f894cbf39735e6aa71fbbfbDebian Linux Security Advisory 3603-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
a05b05ce7875a8810cfc242385ff4450b36ec84fb911f7247abc21e0fc85d365Microsoft Visio suffers from a DLL hijacking vulnerability.
53c0212c96208c6e0d2e1e1d7370c5d98fdadabd301ae83fe691067fc4c7adc9DDN SFA suffers from a privilege escalation vulnerability.
8685f5cd2b43437141d6700fcd38911bb8804b7c0342311a9bbe76773a26134bJoomla En-Masse component versions 5.1 through 6.4 suffer from a remote SQL injection vulnerability.
09c3f40f3b2879c6fd664dafdb1b126b529437d8b3feaa1fc19423d10362f956The fix applied for CVE-2014-1520 does not fix a DLL hijacking issue with Mozilla Firefox's executable installer.
e199135bedf5e3f7e1d5caca9f00c1556e12da31282d21a64a24691d122836fcBlat version 3.2.14 suffers from a stack overflow vulnerability that can trigger a denial of service condition.
f7b53e61f4ab207b0afb88403d6669e16496ff7e18019caac34e370c39a3734fSolarwinds Virtualization Manager versions 6.3.1 and below suffer from a privilege escalation vulnerability due to a misconfiguration of sudo.
d76585db4f9afc3a512397bd6ff0264cc58ddcbbd856e3608a54fd64cf5479b7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed