This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.
d8e06fe66e7a7c70257d472a150741719f1392fb6c548c25bee9d61d4f3a78cdGitList version 0.6 unauthenticated remote code execution exploit.
0dd6d31c236e339ea46cf2a96afd06f86a7c41ebbaa4e592b132cc48869c6f13Red Hat Security Advisory 2018-1254-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Issues addressed include a ridiculous amount of unspecified vulnerabilities.
1ede294a6628ec4148b7f98e60bd2f20e8096d2d97b2753c5341e15b2bc31937Red Hat Security Advisory 2018-1252-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed relate to speculative execution.
1648e1038845c34ef925ef9147793bdab70663276d5666f94f6db9a435e7def0Google Chrome V8 Await methods call ResolveNativePromise which calls InternalResolvePromise which can invoke a user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await, this may lead the generator to an incorrect state.
78b2c24ff6a8f61df29a3ac781ec2f32f86061d57afb7512f75393705b8644f1Debian Linux Security Advisory 4180-1 - A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework.
4e067265514ce8ce9cff33e5fcb7c8923db4db1b073aa843b234dd36517ecc44Red Hat Security Advisory 2018-1251-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
ceb01489516a96b14c36584e28b0efbda2f1d027c752097948d8d0dc7419fbbfHRSALE The Ultimate HRM version 1.0.2 suffers from a cross site scripting vulnerability.
8dbe06a437c757977d1e7e6fff47c5afc2c86bf0606b007b7b8ec40b4dc8df01HRSALE The Ultimate HRM version 1.0.2 suffers from a local file inclusion vulnerability.
5772c8ea23208440a6468e45bb2ba8d98e1bb327e63a9e3a03be53512f1a46d0Secunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. Version 8.5.3 is affected.
6b1d3b5b8e9640b261be0265a0c6d2b4ae818f1b9f7a7e93a4b5f90930af4f8fThis is a simple proof of concept exploit for Drupal versions prior to 7.58 that demonstrate the drupalgeddon3 authenticated remote code execution vulnerability.
083d892c5eba86d29cd75e8b8e8af90103d767eb04a11f57033b9dd9088214a0Red Hat Security Advisory 2018-1249-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.1.2. Issues addressed include code execution and traversal vulnerabilities.
7a99cd9fa5e7b677979d878927b072ed90031c3e2398d6e90cb46748761646c6Jfrog Artifactory versions prior to 4.16 suffer from unauthenticated arbitrary file upload and remote command execution vulnerabilities.
152a825b4c3e4e8481acf58c79f6c1d359fdb42bc26f7d136ab8976ae360c2d7Red Hat Security Advisory 2018-1248-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
aba26a4b4e5f75b3fe6fa3b8d6d265d70cc537d2fb70af222279bda2dcbd4f3dWordPress WP with Spritz plugin version 1.0 suffers from local and remote file inclusion vulnerabilities.
c6986cfbd78a92dae5c9a05da5db76c918141c17da17231a3ab998a61b73258dRed Hat Security Advisory 2018-1247-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
e63dc4585a5fbbae9e18277f5d41fbc0419ddd4e5aa06fc7bf35ef0cb7486fe3SickRage versions prior to 2018.03.09 return clear-text credentials in HTTP responses.
4eca74b6076c68ef8dfaed89847067aaacb96f5e62b6e0dd9c02340a7fcaca16Ubuntu Security Notice 3629-2 - USN-3629-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 12.04 ESM. Various other issues were also addressed.
7cd6c524f3ee8ff89432a487e67dc771bd48070b403b7b5041c37c864b801bb8October CMS User plugin version 1.4.5 suffers from a persistent cross site scripting vulnerability.
2542351c0db2686c16ac211c741d58a6096bc2da3e0f49b94409072994f16c19Apple Security Advisory 2018-04-24-3 - Safari 11.1 is now available and addresses code execution vulnerabilities.
67e25f6ebc791a2bbd24e5bb509652ae33c2f36c2e7e71ca7ac3f897837be512Apple Security Advisory 2018-04-24-2 - Security Update 2018-001 is now available and addresses privilege escalation and UI spoofing issues.
ec64e473e482e25a015a31dcdc6b13d22812a03fd13980d52ca88bd0375cf456Apple Security Advisory 2018-04-24-1 - iOS 11.3.1 is now available and addresses code execution vulnerabilities.
3b6b031d4de4f82dc2d6116a7e6b0e34c773b3dbdc85944cef0fa376bfd2b1b6A lack of validation on cookie values allows you to login as any user on hik-connect.com and ezvizlife.com.
640d9d5b8ed635a745527703397776a5bb9f02ecdcb9b198beddb96116636e81Sitecore.NET version 8.1 suffers from a directory traversal vulnerability.
e4a706da6b29b62366f1ed365cb9f34fa7a8c59a749e0d003d626c959eb95de6HRSALE The Ultimate HRM version 1.0.2 suffers from a remote SQL injection vulnerability.
59325a4cf4859ff56febfa34f3bbcd6b4a95112c26ef20b9ab6610f87c0822b2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed