This Metasploit module exploits a stack buffer overflow in Dup Scout Enterprise version 10.0.18. The buffer overflow exists via the web interface during login. This gives NT AUTHORITY\SYSTEM access.
67efc4aaa88613a74e677907f3bedd53194705d0e358c6a390abcbecf955e8fd
This Metasploit module exploits a stack buffer overflow in Advantech WebAccess version 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
78035e48cb3ea2549108786b7aabfa7a232f04d6fd3e7c5d829230c0802dff63
This Metasploit module exploits a Clickjacking vulnerability in pfSense versions 2.4.1 and below. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is vulnerable to Clickjacking. By tricking an authenticated admin into interacting with a specially crafted webpage it is possible for an attacker to execute arbitrary code in the WebGUI. Since the WebGUI runs as the root user, this will result in a full compromise of the pfSense instance.
d1034b0f46efb18bcec5b48f5aea0d3d693eeb2861362d95cc694e2c5acf247f
FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in the registry (on Windows). The credentials are encrypted but can still be recovered, since the decryption key is hardcoded in the program and is the same on all installations. Above all, this storage is world readable, which is what makes the credential recovery possible. Versions prior to 4.4.2335 on Linux, 5.6.1 on Windows, and 5.6.1 on Mac OSX are vulnerable.
e979475b106297fb2dc050e554be589a58bf126c0e7adb1e3495fc242851917d
Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on PAN-OS versions 6.1.18 and earlier, PAN-OS versions 7.0.18 and earlier, PAN-OS versions 7.1.13 and earlier, and PAN-OS versions 8.0.5 and earlier. Full details provided.
423165abff379221a69928e849d6eaf810ce20df2beeebabe792f214c5f2d026
Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).
ab2ee457cd217c4af1e191968f48de6c5ef96258d1fcf05193b1e417d462e8ef
Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an authentication bypass vulnerability.
27c81054bf82e7e27c3cacdafb1d557c4a7e2711783679d697caa976bac70496
Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file upload vulnerability.
52cbe2c1acca8ba9945094f863e48615b35115cddc8c7e151a6b2e42489b60b2
Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file read vulnerability.
a999da894c2062ef8d7c5931c719214a155e11b88612404475b5b84bbf4d71c5
Fisheye and Crucible did not check that the name of a file in a Mercurial repository contained argument parameters. An attacker who has permission to add a repository or commit to a Mercurial repository tracked by Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.3 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.1 (the fixed version for 4.5.x) are affected by this vulnerability.
0bd5e815725597c657d0c5a6e093eb6974e09f7a3506b05998f40a13281f58a7
Zivif PR115-204-P-RS cameras version 2.3.4.2103 suffer from authentication bypass, command injection, and hardcoded password vulnerabilities.
d6311c41776954bc22d5925d870d532e5e567534bfc1de6779abd9900066bc86
EMC Isilon OneFS versions 7.x and 8.x suffer from a privilege escalation vulnerability. They contain an issue where a 'compadmin' user can potentially run restricted system commands with elevated (root) privilege on a cluster in compliance mode.
7198cc8f4dfddaffc0c28eb907ef53b80ab4e766ddef4b767c24ca41bad5a5ee
Ubuntu Security Notice 3513-1 - It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.
77243f6e2f2310fa0e4cb8dc53e152b41ac9a0d462f227eb49ef82744d2616f1
Red Hat Security Advisory 2017-3442-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.
1a039ecbe2700a73afb873338fe5e3bf2c799869e3566440c32e1d00280c80a8
Red Hat Security Advisory 2017-3427-01 - The Red Hat Enterprise Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface.
0d45baf302757ab305169818060f24fc53fce3d076b0d82b8edf9af287856cb9
Ubuntu Security Notice 3513-2 - USN-3513-1 fixed a vulnerability in libxml2. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. Various other issues were also addressed.
725d4df16b3faa1a69530fbb07e4208caf07eb720f3afceede9e440d734b49b0
Red Hat Security Advisory 2017-3452-01 - Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity attacks.
26e4726f6f0f7896cd9ba554784035113622f24b3a03626fd4b1e47b30def97e
Red Hat Security Advisory 2017-3451-01 - Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity attacks.
121c43b8294f271b4d791d9a53c87376dd04c9aa6efe6e6e2b4d2274c61a3262
This Microsoft bulletin summary holds additional information regarding Microsoft security updates for December, 2017 including additional updates for patches released on the 12th.
fb262d54bcff60c0ccbd4653ce89de7c2a3abed255f7eef379221c10ee5de8e7
This Microsoft bulletin summary holds information regarding Microsoft security updates for December, 2017.
dc83c15ec3990cbdd41cf34249be1cda63ebac24426b014328681d503c2c0590
Apple Security Advisory 2017-12-12-2 - AirPort Base Station Firmware Update 7.7.9 is now available and addresses memory corruption and logic issues.
0c550e25a4e845f536a170a4023e877b814000f7ce5305e8cb2b753e8512ff4f
Apple Security Advisory 2017-12-12-1 - AirPort Base Station Firmware Update 7.6.9 is now available and addresses logic issues.
599452f5e6463e1b3f76fca3e4a8121314d78d47e0776b2a11a19baf63c17426
Accesspress Anonymous Post Pro versions prior to 3.2.0 suffer from an arbitrary file upload vulnerability.
71db5d8e5b456d7a51e7e5a76f49895046898d99ba23ce31fa9edf4bd4d6995f
Joomla! JBuildozer component version 1.4.1 suffers from a remote SQL injection vulnerability.
624cc189ff5ad4c604f5877caba3e77fbb6b1ad3d57679fd5df4befc6c730f7f
PS4 Remote Play version 2.5.0.9220 suffers from a DLL hijacking vulnerability.
9155a2fde62e8c638c2b9e31eef3382ef86064d771da56df76c4581c536f26dd