This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.
4cbc4f10623c015fe72317b111015c9c54dcbf8fdddd9d0a7b8d9e1a06c5b330Ubuntu Security Notice 3607-1 - It was discovered that Screen Resolution Extra was using PolicyKit in an unsafe manner. A local attacker could potentially exploit this issue to bypass intended PolicyKit authorizations.
1cba5203444f9b97137ee8c0abe70d8653262ffbbce163e3843645d454d09a9bGentoo Linux Security Advisory 201803-13 - A vulnerability in PLIB may allow remote attackers to execute arbitrary code. Versions less than 1.8.5-r1 are affected.
3075429c781033eb45aa3333ffe934344597b6dddf0b7d6046c6a3fedd2a965fGentoo Linux Security Advisory 201803-12 - Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.28.0 are affected.
588359ff5f2c3bbf4fd2ef4dd07154b16880b4831f2d6100b5c05d71eee8101bUbuntu Security Notice 3606-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
ba45642f0c149fb2dbd67ebccb1e77402ebb7c2bf58e841d47e94662310294aeAcrolinux Server versions prior to 5.2.5 suffer from a directory traversal vulnerability.
6e40e3230a6a8f992f1896ba8051c14211224629d948f41fe8404620830cb2a9Hikvision IP Camera versions 5.2.0 through 5.3.9 (builds 140721 up until 170109) suffer from an access control bypass vulnerability.
7af92b119967a688ba007849fccd93f43c5fcb2a0a609765db006f3999450a9fLaravel Log Viewer versions prior to 0.13.0 suffers from a local file download vulnerability.
167717bccfa3ca0b0d38c17ea0f44b8f9623e1fe306e0934c356174fe45eecf6WordPress Event Manager plugin version 5.8.1.1 suffers from a cross site scripting vulnerability.
baf4458c23251ad71852c73e90d1678d2e8eaaa88fc903857be36dcdba922235Whitepaper called Cross Site Scripting 'XSS' In A Nutshell.
695d2b954f4e3f92af84560cd50399eb8681efd6c5c34c52add3dfb690d2875aFast AVI MPEG Splitter version 1.2 suffers from a stack-based buffer overflow vulnerability.
74d1b7954d7ccab43a24cc84ff23859a4adf3cf98319b7e84a0e2d798dcd60ddLabF nfsAxe version 3.7 suffers from a local privilege escalation vulnerability.
09397fec453df4dd0bbba58af44a3c3ea744332821b07a0aa8aeca1e2d151a20testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
0e040218d72d6d3b0172bedbc784268e3e297d7689ffa343f150fb05a9d2491aWhitepaper that discusses error-based SQL injection in "Order By" clause in MSSQL.
851cfd618bf84f5c291b9f234d0aa06c3d0654bfd229ffe4a04e78ae9f52e471TL-WR720N 150Mbps Wireless N Router suffers from a cross site request forgery vulnerability.
29a83aa88e720bd516144671af135dc4639bec30d79836352ba9b3a570f1c6e5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed