This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment.
c4855db7df7cb678dd9da32ffe4ac3575beac9fd02dbc2ba53eb304fca0a4ff7PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
d3f2fd02d1cb6bda3a05a9acb3b31a0264b635f3f3667afe967b960f3eb14d73This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesystem locations can be used to automatically exploit this vulnerability.
467d157dc1bbf3f036cc0f63f280fa7c6781fd91ca452708aab53393895c5ba1Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
d8ee021c0b795edab52298059142b5c34a18675bf64f8353e5d1aa690e1038d3WebKitGTK+ suffers from code execution, denial of service, memory corruption, and various other vulnerabilities.
5804f630eaa2c72cacab41b2ccd9870e1e516c016780bc40df3a5bcae7ed2a44JAD Java Decompiler version 1.5.8e suffers from a local buffer overflow vulnerability.
1f4316b80457aecc9ab1d4b63dda9a18973e331e719518b4ab41a40f4dcfe2b4WordPress AffiliateWP plugin versions 2.0.8 and below suffer from a cross site scripting vulnerability.
3ca1fb705331fe04e70541cad5cf109d1809f68a6f5adb5bb5a70e9bc531215dWordPress Huge-IT Video Gallery plugin version 2.0.4 suffers from a remote SQL injection vulnerability.
18673ff6c4b5932c1002b8927b318cfd610e2f7db98ea60fc08d03be57d0fc05WordPress All In One Schema.org Rich Snippets plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.
767cb75a0f15f68cae52091db7a8923f0807038c3700134bf985a7567713facfAries QWR-1104 Wireless-N router suffers from a cross site scripting vulnerability.
e5003c524c37548060cc231edf0fc24067399ffb00f05fa475cf690683a5c17dOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30cThis bulletin summary lists multiple CVE additions for the May, 2017 security bulletin release.
ac0d024f7e9e085c500cd7f1d1fb0e04aa6fc92350547dfffc895068fd4678bbThrough fuzzing, a number of ways to crash the Microsoft MsMpEng service has been been discovered.
05eda4b73f73c98a155075088def6208b82e5ecb6e7eba708c3a910c322807a5This repo from github contains a SambaCry exploit and vulnerable container.
1575fdf58a5dd6e72a33a6dc0648196f99226950d46f8032e30b023c560a06caWordPress Social-Stream versions 1.6.0 and below suffer from a Twitter API OAuth secret disclosure vulnerability.
d9397402a5e15bf1dfe27b9c6cfe4a24c02c4ffc37e440343f5c6850e3501b41Sandboxie version 5.18 suffers from a local denial of service vulnerability.
fd92cb6374cffa34d5f607414474570f094bcc34f9157c3f8a8a27dbc464daa0D-Link DCS Series cameras implement a weak crossdomain.xml.
50e8e437260ea37095cf7b417235509abfde4253d1cec1226635f8f3a293b3cbGoogle Chrome version 60.0.3080.5 V8 suffers from an out-of-bounds write vulnerability in the javascript engine.
5df4f83fe15024aae18571a2cc409b7b22f94289acd7c97a542434dedf996134Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a session ID enumeration vulnerability.
60ce71b07534bee0f99b4630549295320551670713e34c6613132c5fce336ac9Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a reflective cross site scripting vulnerability.
27e65ecc5f751798e2ae87d44a144b020245e5f7941b691a517e197e2a0004f7Sunell IPR54/14AKDN(II)/13 suffers from a persistent cross site scripting vulnerability.
08008390429a0ee6a1e0891e649db3e2a21176e7ef4304f3a8a4f77d54e03e3dVeritas Backup Exec Remote Agent for Windows suffers from a use-after-free vulnerability. All versions before Backup Exec 16 FP1, Backup Exec 15 14.2.1180.3160, and Backup Exec 2014 14.1.1187.1126 are affected.
8ceb02397eea9ab98abf9619f4ab71f85b7ac2f8ffa9d669f5e674239b69ebd6OpenVPN Access Server version 2.1.4 suffers from a CRLF injection vulnerability.
10cc7e203caeb7b199f43ae4c5d590f5d394419a9369a6b7bdb1eff2af577d79Ubuntu Security Notice 3300-1 - Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges.
4a3e1ac9331881d06254b3af2d2c4a033fff96437ac64ee5e501c0675171cdc6HPE Security Bulletin HPESBHF03730 1 - Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information. Revision 1 of this advisory.
2e54f155f6a6a7798dfeaf9418f020bd83703cdf9426cfeb5c27c907c8e60a72
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed