This Metasploit module will generate a plugin, pack the payload into it and upload it to a server running Piwik. Superuser Credentials are required to run this module. This Metasploit module does not work against Piwik 1 as there is no option to upload custom plugins. Tested with Piwik 2.14.0, 2.16.0, 2.17.1 and 3.0.1.
71146a4e8085f48e4ba2d27e1f4312199e856feabcaf67fd03fb8887053cef9cGentoo Linux Security Advisory 201702-8 - Multiple vulnerabilities have been found in VirtualBox, the worst of which might allow unauthorized changes to some critical or all accessible data. Versions less than 5.0.32 are affected.
2e1c830c27edb02d45128a5b6abe9c4aeea757074fcc5fe27d12ebb567eca310Gentoo Linux Security Advisory 201702-7 - Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Versions less than 1.0.2k are affected.
2868de12def1f5a6465fb81ae04a5637b8d741fa182174ea0276c56a6a11b31dDebian Linux Security Advisory 3788-1 - It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
fccc0e8d24e2cbcbdebf909d672df71e172027daa703372b076c575d5a5dedabDebian Linux Security Advisory 3787-1 - It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
94be7fb07b29564d3b1c3d4e2124cdac1418c3f4069cb841360f49990bcc4d48Debian Linux Security Advisory 3786-1 - Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.
775e4571e4739d88dd471a192db988fda5b5e581ca0322f3046583eea651759eShadeYouVPN.com client for Windows version 2.0.1.11 suffers from a local privilege escalation vulnerability due to executing any file path sent through a socket without verification as the SYSTEM user.
4a1d749997a869365fd98d3654f05cc09d6ad345727c1afd4cfe6d7ca72b2a50Riverbed RiOS suffers from an insecure cryptographic storage vulnerability.
6c7eaca80cbaef18c44ff1dad3053a46e808b5645d2ca63316fc835733a57a41The Wall of Sheep would like to announce a call for presentations at DEF CON 25 at the Caesars Palace in Las Vegas, NV from Thursday, July 27th to Sunday, July 30th. This will be the 5th anniversary of their Speaker Workshops. The Wall of Sheep's workshops goal is to deliver talks that increase security awareness and provide skills that can be immediately applied after the conference. Their audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory talks are welcome.
c01798ea50c872d6b4d7778c87a3aeb8be791c8205d8efc9c0ccf9b3dd8c9536WordPress Easy Table plugin version 1.6 suffers from persistent cross site scripting vulnerabilities.
663a5997006fbaac176aaea407d477260d1237802898ab54ae2c82a464577d05Joomla Music Collection component version 3.0.3 suffers from a remote SQL injection vulnerability.
fe0b4ff7ad5683445080cdff2a0ecabd208710db54b993a511ebf40fed808530Joomla GameServer! component version 3.4 suffers from a remote SQL injection vulnerability.
88f550723265c2b4653c8bf949e351080f6b2dbefa2665b476369d7dfecd4716Joomla Fastball component version 3.2.8 suffers from a remote SQL injection vulnerability.
d3138e2a84c8ee8535390679d005c8779c5409c66ac88c67b972814886e20a3fCentOS7 suffers from a kernel crashing denial of service issue triggered by an rsyslog daemon vulnerability.
cb2a32534bce0ac346ffa01b96812752076564f1a8d12aa62b5d0f2ae49ff1bbJoomla GeoContent component version 4.5 suffers from a cross site scripting vulnerability.
3206f2ace2c628bae403cfd64ab195341b7eb99a3989b3797dd82809909e1d90Joomla JE Awd Song component version 1.8 suffers from a remote SQL injection vulnerability.
468b4989661f5f38b114db6332d522af23ede96f9c57a0c129ed70f2bb674064Joomla JE Auto component version 1.5 suffers from a remote SQL injection vulnerability.
391f5721657e65f7c7736ed17bde358ae8113102f4badffc862fb0fc306469dfJoomla JE Auction component version 1.6 suffers from a remote SQL injection vulnerability.
64b41726e8eaa1d1fb3a33d2c661f42b1a515e6e27b2e6ef22e585db08a3d0f1Joomla JE Video Rate component version 1.0 suffers from a remote SQL injection vulnerability.
f357418414224ebf1140c9ba35d7f324438f8962764aa6be532738f520ddc82cJoomla JE Tour component version 2.0 suffers from a remote SQL injection vulnerability.
ed12cb811cad345ecae50bd07f0a98d4c225021b30aaec59ef6562211f7b1608PHP Marketplace Script suffers from a remote SQL injection vulnerability.
ac055451974d9175778f92f634ca4b8ba3b18268c395dd4273a1234943e7765dJoomla Hbooking component version 1.9.9 suffers from a remote SQL injection vulnerability.
0ad5ff2cc67b8621c1cd769523d744b064734029c57d2650a09aba38d5df0e32Joomla JE Quiz component version 2.3 suffers from a remote SQL injection vulnerability.
a8eea184dc79f54eef8207d6371ffb3732778f0258f3682d76140a59e1194703Joomla JE Property Finder component version 1.6.3 suffers from a remote SQL injection vulnerability.
ce1ccd67bbdee68551538a7ac5bc64fa24e4338b7ab9c2125ccc75d84b63bf15Joomla JE Directory Ads component version 1.7 suffers from a remote SQL injection vulnerability.
0c489ecf8bf1e9e4d08aee4e7d5dc5906c882846269f0f7d681a5a541b84a265
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed