This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
33807dc92c51e0890223cb5aa8b949a564e99406df84abf4910ba71ac13c7512Bus Booking Script version 1.0 suffers from a remote SQL injection vulnerability.
8ab13efc336295285491e67bb93b942178089de67c2b16923268b0eb37c15fdfFS Lynda Clone version 1.0 suffers from a remote SQL injection vulnerability.
aecd307ca8281200e3bc02c02d5c4c877da634481d5927a9933ff9a81d612574Movie Guide version 2.0 suffers from a remote SQL injection vulnerability.
bbb4bc60fb105f8bc9b27bdfc9e417483f123d816c7a8951b0ed041de206f42aPiwigo version 2.9.1 suffers from a remote SQL injection vulnerability.
391e9323ad2d0e765c5af2177dccde86a5f2dfb908dac96f7f9c21ef991ba6cdPaid To Read Script version 2.0.5 suffers from a remote SQL injection vulnerability.
44f6707002867724e0db26bc31dec80abd0e46f55c7f653e46bca33cdae1db92Readymade Video Sharing Script version 3.2 suffers from a html injection vulnerability.
405097151c57dc24d8d1c4dc18575cb08049480311638242a6184fe7f95ed8f0Joomla! JEXTN Video Gallery component version 3.0.5 suffers from a remote SQL injection vulnerability.
f350a80b80cce843425e64573c055c8d430d4f5d30efa31e19bb4944152ab3d4Joomla! JEXTN Question and Answer component version 3.1.0 suffers from a remote SQL injection vulnerability.
08bb0912ddc75094fa2f2e4f324af6e703f516935f1bf497a0b63d1729432e03Sync Breeze version 10.2.12 suffers from a denial of service vulnerability.
1cd1eb5d0a0bee233c3f3f7aef72ce97f50abe6707e484966bf7199ad84a3947WordPress Wunderbar Basic plugin version 1.1.3 suffers from a cross site scripting vulnerability.
e504c81158bffcd7a8774641665a276936c6129a483f544ffcb323efc0b9c56dKemp load balancers with AFP WAF functionality versions 7.1.30 through 7.2.40 suffer from a POST bypass vulnerability.
14ea3b89e7be3d4f9ecff5cdff3c24e4b19903bd8d69a0ba7fb66791f065f28cWordPress Pinterest Badge plugin version 1.8.0 suffers from a cross site scripting vulnerability.
bdf4b1098aafaa9be22ecf2475af89869149eb7a120ebc8e21250642f2c9cae2Red Hat Security Advisory 2017-3474-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
b146276f21006a6482f059705c18a8672e10a014be7b092c305842e8f3060279Red Hat Security Advisory 2017-3466-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
84a7b3f4ea4874af0ae1de4c1762b18a68c9aebe5f589fd042d64b0f18ab77f6Gentoo Linux Security Advisory 201712-4 - Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. Versions less than 7.57.0 are affected.
597b708be3f8393ef070dd7b2ba23730c0c91e9c3cab36fa3d956ca7f5c01a08Gentoo Linux Security Advisory 201712-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2n are affected.
fce3728192f2ad29f4f85aa453b99dae4b60a8dc3c7ceb2e2bc45239433e0b60Gentoo Linux Security Advisory 201712-2 - Multiple vulnerabilities have been discovered in OpenCV, the worst of which may result in a denial of service condition. Versions less than 2.4.13-r3 are affected.
23ed028798645e60d71b5c9bc7325d313df460f993a254b1397f5c6100fa4d58Ubuntu Security Notice 3509-4 - USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. Various other issues were also addressed.
e247182658e6540d25609e72e9dd6d7ad81ff0c1a47c1ca04a69f64a5f2198b6Ubuntu Security Notice 3509-3 - USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
c9f08cb921bee694d81c41829fc3937241f62db3204ae7f41f23cd54548f3afbRed Hat Security Advisory 2017-3473-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
5185cca79ae85a913d5eca3f4c5ae46050222a65b86838a1ea3fa3cb98c73575Red Hat Security Advisory 2017-3472-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
facd3d0559b2b0966a6eef7678ab1ea1ee5805c62f3537e7ea2ef451f2b80b92Microsoft Windows 10 is forcibly installing the Keeper password manager which injects privileged UI's into pages.
ae83b2f7f72326bf46c86779b3f209ce03d065a4da2267e20c685c1f25425281Apple Security Advisory 2017-12-13-5 - Safari 11.0.2 addresses arbitrary code execution vulnerabilities.
25f23cc87f8a33c44a141c6c53d1806a7f371dcd19943990abccf94f3fe570a8Apple Security Advisory 2017-12-13-7 - tvOS 11.2 addresses memory corruption vulnerabilities.
2b4f5f9ff4324ef548c1e5b149e7f26f705e7b7e1f5dcdb9d45134d78de7be30
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed