Sagemcom F@st 5260 routers on firmware version 0.4.39 (and possibly others), in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.
1cbafac69bdd059b6ece817e1bd160dfBabel versions 0.4.1 and below suffer from an open redirection vulnerability.
bb450b93802167f372d4142c3edab611AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
1bb877023500451cbad76c8ab1f3ec55Red Hat Security Advisory 2019-0457-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include an off-by-one error.
58bc0f9b9a737850e5127803e1bd87f3Red Hat Security Advisory 2019-0458-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include a privilege escalation vulnerability.
1fa5a141e0fa9c9bc9c96d486254ad19Red Hat Security Advisory 2019-0461-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include an input validation vulnerability.
0764d6e91b4c142ee93afb1d9779926aWordPress WP-Image-News-Slider plugin version 3.3 suffers from cross site request forgery and remote shell upload vulnerabilities.
565786e871040f0759e592f8d15a7c02OpenDocMan version 1.3.4 suffers from a remote SQL injection vulnerability in search.php.
712535d01e32bd5c701160844148394dvBulletin version 4.2.5 with Member Map version 1.1.2 suffers from an open redirection vulnerability.
e5d8e9e98942245136c5fdadedfba275vBulletin version 4.2.5 with vBSuper_PM version 1.2.3 Lite suffers from an open redirection vulnerability.
0f09dab5c61e598ac54da68e40fd7d27Java Debug Wire Protocol (JDWP) remote code execution exploit.
fb1e36e56954213eabe341702f00a37avBulletin version 4.2.5 with Thread Post Bookmarking version 1.2.0 suffers from an open redirection vulnerability.
572c13a3e459417556e8bcffe5eb52advBulletin version 4.2.5 with Ajax Threads version 1.1.3 Lite suffers from an open redirection vulnerability.
295f15202fb9d293b8782e46bd099248vBulletin version 4.x Seo by vBSeo version 3.3.2 suffers from an open redirection vulnerability.
2fd9b8a4a20e182842f32ff7aca38fb6Splunk Enterprise version 7.2.4 custom application remote code execution exploit using a persistent backdoor with a custom binary payload.
5a62b4a52d56ebb505b44ba1557ac731Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 remote code execution proof of concept exploit.
3aee84bd66a663648cc9a1aadcd3d032This Metasploit module exploits a file upload vulnerability Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. Upload sections has file extension control except favicon part. You can upload the file with the extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the php payload to the main directory, the exploit executes the payload and receives a shell.
d99806184924b3c9ff46a07a219526b9elFinder versions 2.1.47 and below suffer from a command injection vulnerability in the PHP connector.
3d96dc64d2bfb5653afc37faeaeccf4bFiberhome AN5506-04-F RP2669 suffers from a persistent cross site scripting vulnerability.
9836a88eca44abee2a3aa731c7a709afMarcomCentral FusionPro VDP Creator versions prior to 10.0 suffer from a directory traversal vulnerability.
06756d818f5cc3711574cae6adb8815a
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed