This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware Version <= 8.0.1.008 and Load Balancer Firmware <= v5.4.0.004 by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.
ada1acb74888da1ee068093d1bfd8b3f3fa7cbe886c53bffebec80de7451a35eWordPress Ultimate Product Catalog plugin versions 3.9.8 and below suffer from a remote unauthenticated blind SQL injection vulnerability.
5bacab668e9242da4ccd6ac7578697bc74b3ca2afbaf088e2ffe1dba9f652000Linux ARM/ARM64 architectures suffer from an arbitrary memory read vulnerability in perf_event_open().
d93d6ea3ad561c8f7d1736c08ffd738028f0f1563210cd2723d3dd9167a9b0bcExponent CMS version 2.3.9 suffers from a cross site scripting vulnerability that allows for user account addition.
423cf5f16e0bc3e2b68f98c0ffbfb9ff0056a53477952e4c8a5336cbd334fcf1Zortam Media Studio version 20.60 suffers from a buffer overflow vulnerability.
60f4ac036146a9137d475523420c506dc7dcbe9ef06f4a36f384d1f5d5bb0db1Debian Linux Security Advisory 3633-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
69e2b39b3913e68cc3897dadfc8422de8be200cf50452bcb270d6b48048d7d24Saveya suffers from a malicious script insertion vulnerability.
5551173a26e0ebd8d02b44aefec2da15f69c5fefb72772e0228d85ebfaa58bccZoll Checklist version 1.2.2 suffers from a malicious script insertion vulnerability.
eded9a2d4136f497a7b8aa4fc8fae14d8f6c7b0c761dd5482b1e3db648ac5264AppArmor has a reference count leak in aa_fs_seq_hash_show that can be used to overflow the reference counter and trigger a kernel use-after-free.
aeb4adc2c9454e00e280467d5afe605088bc235c957b16c9ba2883396aeb3993Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
0ce0241330828973f5b4efee422a3760cab8ce0b41e7721c4b9fd185be1bb10bMultiple products from AXIS suffer from a remote command execution vulnerability.
5d3626abb1ca74ae36c7f97673ca1ac0fa4274ea3398a978924fd38256827c7bAvaya Fabric Connect VSP, under specific conditions, can accept and process specially crafted and spoofed Ethernet frames, which can lead to unauthorized access to devices intended to be secured from untrusted traffic sources. The vulnerability is caused by mishandling VLAN and I-SID indexes within the Fabric infrastructure. Version 4.1.0.0 is affected.
febf9c8d06e60cb5763c39467e3b800a3a47afa1bfb25a99e6dbc40ebfbb1519Red Hat Security Advisory 2016-1519-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.6 release serves as a replacement for JBoss Operations Network 3.3.5, and includes several bug fixes.
9e8eda7cc87b09b7d965a2368ef110c52ca58a71169b633cc43b9d107529ee95Debian Linux Security Advisory 3632-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details.
1034107a2809d4f21af57f0bbc38fd4ea778e2457506a9b747c59bfab574464bLastPass version 4.1.20a on Windows suffers from some issues where the add-on works by injecting elements and event handlers into the page. The attached proof of concept will delete a given file.
251e29ebd27cfc49ad197f0294b26341778ad40b289cfd17cf8122679ada2ce7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed