This Metasploit module exploits a stack buffer overflow in Dup Scout Enterprise version 10.0.18. The buffer overflow exists via the web interface during login. This gives NT AUTHORITY\SYSTEM access.
67efc4aaa88613a74e677907f3bedd53194705d0e358c6a390abcbecf955e8fdThis Metasploit module exploits a stack buffer overflow in Advantech WebAccess version 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
78035e48cb3ea2549108786b7aabfa7a232f04d6fd3e7c5d829230c0802dff63This Metasploit module exploits a Clickjacking vulnerability in pfSense versions 2.4.1 and below. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is vulnerable to Clickjacking. By tricking an authenticated admin into interacting with a specially crafted webpage it is possible for an attacker to execute arbitrary code in the WebGUI. Since the WebGUI runs as the root user, this will result in a full compromise of the pfSense instance.
d1034b0f46efb18bcec5b48f5aea0d3d693eeb2861362d95cc694e2c5acf247fFortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays the foundation for the credential recovery. Versions prior to 4.4.2335 on Linux, 5.6.1 on Windows, and 5.6.1 on Mac OSX are vulnerable.
e979475b106297fb2dc050e554be589a58bf126c0e7adb1e3495fc242851917dThree separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on PAN-OS versions 6.1.18 and earlier, PAN-OS versions 7.0.18 and earlier, PAN-OS versions 7.1.13 and earlier, and PAN-OS versions 8.0.5 and earlier. Full details provided.
423165abff379221a69928e849d6eaf810ce20df2beeebabe792f214c5f2d026Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).
ab2ee457cd217c4af1e191968f48de6c5ef96258d1fcf05193b1e417d462e8efMeinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an authentication bypass vulnerability.
27c81054bf82e7e27c3cacdafb1d557c4a7e2711783679d697caa976bac70496Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file upload vulnerability.
52cbe2c1acca8ba9945094f863e48615b35115cddc8c7e151a6b2e42489b60b2Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file read vulnerability.
a999da894c2062ef8d7c5931c719214a155e11b88612404475b5b84bbf4d71c5Fisheye and Crucible did not check that the name of a file in a Mercurial repository contained argument parameters. An attacker who has permission to add a repository or commit to a mercurial repository tracked by Fisheye or Crucible, can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.3 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.1 (the fixed version for 4.5.x) are affected by this vulnerability.
0bd5e815725597c657d0c5a6e093eb6974e09f7a3506b05998f40a13281f58a7Zivif PR115-204-P-RS cameras version 2.3.4.2103 suffer from authentication bypass, command injection, and hardcoded password vulnerabilities.
d6311c41776954bc22d5925d870d532e5e567534bfc1de6779abd9900066bc86EMC Isilon OneFS versions 7.x and 8.x suffer from a privilege escalation vulnerability. They contain an issue where a 'compadmin' user can potentially run restricted system commands with elevated (root) privilege on a cluster in compliance mode.
7198cc8f4dfddaffc0c28eb907ef53b80ab4e766ddef4b767c24ca41bad5a5eeUbuntu Security Notice 3513-1 - It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.
77243f6e2f2310fa0e4cb8dc53e152b41ac9a0d462f227eb49ef82744d2616f1Red Hat Security Advisory 2017-3442-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.
1a039ecbe2700a73afb873338fe5e3bf2c799869e3566440c32e1d00280c80a8Red Hat Security Advisory 2017-3427-01 - The Red Hat Enterprise Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface .
0d45baf302757ab305169818060f24fc53fce3d076b0d82b8edf9af287856cb9Ubuntu Security Notice 3513-2 - USN-3513-1 fixed a vulnerability in libxml2. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. Various other issues were also addressed.
725d4df16b3faa1a69530fbb07e4208caf07eb720f3afceede9e440d734b49b0Red Hat Security Advisory 2017-3452-01 - Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity attacks.
26e4726f6f0f7896cd9ba554784035113622f24b3a03626fd4b1e47b30def97eRed Hat Security Advisory 2017-3451-01 - Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity attacks.
121c43b8294f271b4d791d9a53c87376dd04c9aa6efe6e6e2b4d2274c61a3262This Microsoft bulletin summary holds additional information regarding Microsoft security updates for December, 2017 including additional updates for patches released on the 12th.
fb262d54bcff60c0ccbd4653ce89de7c2a3abed255f7eef379221c10ee5de8e7This Microsoft bulletin summary holds information regarding Microsoft security updates for December, 2017.
dc83c15ec3990cbdd41cf34249be1cda63ebac24426b014328681d503c2c0590Apple Security Advisory 2017-12-12-2 - AirPort Base Station Firmware Update 7.7.9 is now available and addresses memory corruption and logic issues.
0c550e25a4e845f536a170a4023e877b814000f7ce5305e8cb2b753e8512ff4fApple Security Advisory 2017-12-12-1 - AirPort Base Station Firmware Update 7.6.9 is now available and addresses logic issues.
599452f5e6463e1b3f76fca3e4a8121314d78d47e0776b2a11a19baf63c17426Accesspress Anonymous Post Pro versions prior to 3.2.0 suffers from an arbitrary file upload vulnerability.
71db5d8e5b456d7a51e7e5a76f49895046898d99ba23ce31fa9edf4bd4d6995fJoomla! JBuildozer component version 1.4.1 suffers from a remote SQL injection vulnerability.
624cc189ff5ad4c604f5877caba3e77fbb6b1ad3d57679fd5df4befc6c730f7fPS4 Remote Play version 2.5.0.9220 suffers from a dll hijacking vulnerability.
9155a2fde62e8c638c2b9e31eef3382ef86064d771da56df76c4581c536f26dd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed