This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.
d4db47de622ab194cae5e05a485e3f4743601277e19a6aa2f5275bcad5350dab
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contain an insecure file permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a man-in-the-middle attack on the VPN traffic.
61685abfda52cbfe34ab599da26d62776e3c243f5fe467d66cfe2e326b577e81
QNAP Photo Station version 5.7.0 suffers from a cross site scripting vulnerability.
6f8b1e997128cc4ac58c6c0f62ce744a696945567e0062420eddd4fbaa25ab43
Tenable WAS-Scanner version 7.4.1708 suffers from a remote command execution vulnerability.
f6abb5ee36d02b2bef24e464cfd319bc4fb94400c1fa3819553e75be5a768531
Softneta MedDream PACS Server Premium version 6.7.1.1 suffers from a directory traversal vulnerability.
194ac197adc1113681f2469fa338d08273a5ee040d21692b985a3a36c07de39d
MedDream PACS Server Premium version 6.7.1.1 suffers from a remote SQL injection vulnerability.
d808855c26366de2a644f78799999dc698975c07b3a41b5939697b9c5448dea5
iSmartViewPro version 1.5 suffers from a buffer overflow vulnerability.
3ccea7524fc7185cc2b24fb7a9001df01667d74b4cb61e0e503f361072e513e0
WordPress Ajax BootModal Login plugin version 1.4.3 suffers from a CAPTCHA bypass vulnerability.
991000b519080f0b704ea5cde33ec9474cf7a17fe94e2852cd83734955e20f06
Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote kernel crash vulnerability in the isi_drive_d process. An unauthenticated attacker may potentially exploit this vulnerability to crash the server operating system by sending specially crafted input data to the affected system.
73b9f201cb28fbeddb6e452c427449c628770a38dc61496947a024292e9fc08c
RSA BSAFE SSL-J versions prior to 6.2.4 contain a heap inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.
1d4172c4c86ce8ccc2a9a8e1b830a45d85684dcdd0d15f64044487bd617a938e
DVD Photo Slideshow Professional version 8.07 suffers from a buffer overflow vulnerability.
7466f8798884333013b9d57a67c1923161bd2ea8a5c5c3795f2945ffd8113b7a
Subsonic Music Streamer version 4.4 suffers from an improper certificate validation vulnerability.
f7f53b635f997e2cd5340af1d92833a14752efed2260921f9403d2e91f9f5fc0
DSub for Subsonic version 5.4.1 suffers from an improper certificate validation vulnerability.
370704c68c165cc35ae66d964e40aba2fe2d033e452e2d6c15489ec1efdeb3a2
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
cefa572026119fbc872d24dc0fcec64a105b0e11a85291b48f0e5ef494f55517
Ubuntu Security Notice 3761-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.
5250f9b22135e87b334a076a8fd606b93af51fe81a2760f9e0440c740663d869