This Metasploit module allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to processing of contact files.
61fc32618fc4266b946f0130bc44154af701a9c7982e3296bf93f3a548745f3dThis Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP password for the zimbra account. The zimbra credentials are then used to get a user authentication cookie with an AuthRequest message. Using the user cookie, a server side request forgery in the Proxy Servlet is used to proxy an AuthRequest with the zimbra credentials to the admin port to retrieve an admin cookie. After gaining an admin cookie the Client Upload servlet is used to upload a JSP webshell that can be triggered from the web server to get command execution on the host. The issues reportedly affect Zimbra Collaboration Suite v8.5 to v8.7.11. This module was tested with Zimbra Release 8.7.1.GA.1670.UBUNTU16.64 UBUNTU16_64 FOSS edition.
811a4794f58646f39b0ef372b6e8f37324c45d3730bba6e1b7ae12049671f517The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
ca2063a49893b737d4d6171bc3dd6370d0a7fc30d6a99faf2d3635abc9a9b594WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities and various other issues that can lead to code execution. Multiple versions are affected.
32368129173c12e77d456af213631d9cc7d26931f8663deec91ae1ff60354a8dMicrosoft Internet Explorer 11 suffers from an XML external entity injection vulnerability.
d0d9c0120bc1bc43c93bc8ccd59c86cf132b3cf03c40d7227c89822c693a6e73Red Hat Security Advisory 2019-0747-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. A file exfiltration issue was addressed.
ae4cadc4b542e1403425519f3aa41b710349b735314cd676e879c9b6b75254f7Red Hat Security Advisory 2019-0746-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include a bypass vulnerability.
202bd8c08a315a52b0d871b6653eba41c7ffe2586133300b1cfc9f7fb04287e6Debian Linux Security Advisory 4430-1 - Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found multiple vulnerabilities in the WPA implementation found in wpa_supplication (station) and hostapd (access point). These vulnerability are also collectively known as "Dragonblood".
e4cc520a6f88594171e81ee3cde6f6aec1740ca7d34b2fc6ac799e9719e96151Gentoo Linux Security Advisory 201904-13 - Multiple vulnerabilities have been found in Git, the worst of which could result in the arbitrary execution of code. Versions less than 2.20.1 are affected.
4031ef5e621d3fbe0145f27c071c2ff02e82fbb6783e8d045d80c296605ab322Red Hat Security Advisory 2019-0741-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include bypass and traversal vulnerabilities.
6e257a6b62164b695442d49f6e80bcc4aca5cb94a5d5a9ddfaf5c1b669df3536Red Hat Security Advisory 2019-0739-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-workflow-cps: Sandbox bypass in pipeline: Groovy plug-in jenkins-matrix-project-plugin: Sandbox bypass in matrix project plug-in jenkins-job-dsl-plugin: Script security sandbox bypass in job DSL plug-in. Issues addressed include a bypass vulnerability.
3521bc8e3160f9a4e993455be4fa77b9faf7799c4a87c9cd5848b70126953609Ubuntu Security Notice 3944-1 - It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. Various other issues were also addressed.
5cd1105b2e54bffc81e4ab1e2261cd73be7cd130544105c2d7414ca3f2dcf45eAn initial analysis of the TP-Link Archer C50 router shows it accepts logins over HTTP, uses a telnet server, and implements SSH with low-bit DSA and RSA keys.
53a13e884f6afc26588d4379a2f778d837337905887f64e1979b2754e287ed7eXiaomi Mi Browser version 10.5.6-g and Mint Browser version 1.5.3 suffer from a URL spoofing vulnerability.
146281cb738d6d648df337f2594fc86db59736898ef13fbbc5bde39f583c0133
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed