This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
1f47f80c45cf9163168bba8d9d9e5883Bus Booking Script version 1.0 suffers from a remote SQL injection vulnerability.
1a5d06ca50412d3ea1618cf7e571f4adFS Lynda Clone version 1.0 suffers from a remote SQL injection vulnerability.
93b52c246755254ff7aa57b5c5d0ed1aMovie Guide version 2.0 suffers from a remote SQL injection vulnerability.
fa1fcffffe6c7f17040a8f614cf5f4ccPiwigo version 2.9.1 suffers from a remote SQL injection vulnerability.
7dcb87848320df6b3827d114d752b690Paid To Read Script version 2.0.5 suffers from a remote SQL injection vulnerability.
545bfdb1f82a68e71a7cad4dc9bd9a1fReadymade Video Sharing Script version 3.2 suffers from a html injection vulnerability.
9f828121974beff69a49a0bc657533bfJoomla! JEXTN Video Gallery component version 3.0.5 suffers from a remote SQL injection vulnerability.
b9e24f7c25d109c4e2090e8221cc0cd0Joomla! JEXTN Question and Answer component version 3.1.0 suffers from a remote SQL injection vulnerability.
5d9a350f41b12d85b1e0616b9a338e0dSync Breeze version 10.2.12 suffers from a denial of service vulnerability.
eb3064d1984efdf9b9610176e6d7191eWordPress Wunderbar Basic plugin version 1.1.3 suffers from a cross site scripting vulnerability.
9e4156177eeba9d422aa9f62c73e8062Kemp load balancers with AFP WAF functionality versions 7.1.30 through 7.2.40 suffer from a POST bypass vulnerability.
65be9e2f8c7ec43b609c96eea736fc12WordPress Pinterest Badge plugin version 1.8.0 suffers from a cross site scripting vulnerability.
be0616ede646b5b6c06ff210352d9033Red Hat Security Advisory 2017-3474-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
b377cde0952495aa6f0f019183098bb5Red Hat Security Advisory 2017-3466-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
80f1b1f9f53f4d7dc4ab91f430db374eGentoo Linux Security Advisory 201712-4 - Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. Versions less than 7.57.0 are affected.
6d78a3a66d6ef06d18a2e705bf7aceddGentoo Linux Security Advisory 201712-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2n are affected.
424fb2f54f934bbdb186d90e169c3306Gentoo Linux Security Advisory 201712-2 - Multiple vulnerabilities have been discovered in OpenCV, the worst of which may result in a denial of service condition. Versions less than 2.4.13-r3 are affected.
6c47900cf5e25c9f1e5f13e7cf7ccc42Ubuntu Security Notice 3509-4 - USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. Various other issues were also addressed.
ee7adf44f0d4c560968cb5bb9e43ee32Ubuntu Security Notice 3509-3 - USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
7b0de306b43e15046d1562aa3c463ed8Red Hat Security Advisory 2017-3473-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
094e78a87a857ab71224ec7c92cf7becRed Hat Security Advisory 2017-3472-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
967fda92af9f44bdbcfe1a331bb66a41Microsoft Windows 10 is forcibly installing the Keeper password manager which injects privileged UI's into pages.
cffd7bc598b1b7d4cd593b6b402424e4Apple Security Advisory 2017-12-13-5 - Safari 11.0.2 addresses arbitrary code execution vulnerabilities.
46ee197ecac23ffdddfab7ed1bfef818Apple Security Advisory 2017-12-13-7 - tvOS 11.2 addresses memory corruption vulnerabilities.
cf883db6f7f95bcf245df44b572bf4f5
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed