This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.
4df2c6bb69a9fe3da21e575c7d71f0dc7d51d1f49ccf6cff0a23ef2afb22ff8dPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
73a5f3314e76bbeae60fd81a597c7d737d14fe8bab845072bf6586fe93d12a53Red Hat Security Advisory 2019-1243-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.131. Issues addressed include an out of bounds access vulnerability.
0668684b9b5f8a2d66275b8fd6b0de51331195c06ee9f07e85e26c1f51718017Ubuntu Security Notice 3988-1 - It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service.
8fed6c2a76f828c83e674aea5402e22f9abb4840ccf7cfcfe69a12aaf029317fUbuntu Security Notice 3986-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
9bf7bece1c350cccab56865cb42b760e25e431468015746400a7309649675fdbRed Hat Security Advisory 2019-1238-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Issues addressed include a buffer overflow vulnerability.
ec20c7bb3400cda4ce362180081bb842b3098913284687804e41bd4ebf7d57c6Red Hat Security Advisory 2019-1237-01 - The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage vulnerability.
a7524274e041f70601d5a5607cdf562d36f391be932c212a56d22b3047e12dbfSlackware Security Advisory - New rdesktop packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
3f652b156d86664919d321bdd386ff0b197a45ae0191ac05ba1389173deb1aaeRed Hat Security Advisory 2019-1236-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5. Issues addressed include a denial of service vulnerability.
6fce1e15cd8e6e435255395f04102d0a04aef3027b9d04dd4f61e9621410cbe4Ubuntu Security Notice 3985-1 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Ă–sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
7534b3aecd4afe92e8ac42e822a5b135ac5bcb68d6c26985c9b93bd054a537e4SEL AcSELerator Architect version 2.2.24 suffers from a CPU exhaustion denial of service vulnerability.
606d093c7f297e8dcf9f6d5a4a84f0829cf946d7ae2b6f0b83243271175d7298Axessh version 4.2 denial of service proof of concept exploit.
5ac2fd6ab32034cb62ce26d355ed5fd743d956eb9f257f77fad9ec445308ce30ZOC Terminal version 7.23.4 suffers from multiple denial of service vulnerabilities.
fb87a23ea2434cf93fa96959356c2eac801eab11d3b257eaf850e534ca0c4feaJetAudio jetCast Server version 2.0 log directory local SEH alphanumeric encoded buffer overflow exploit.
1872f87f440d200a80b73a6a2d3bc6a51a8c2501a85fe09c3cafaea4471d5a11WeChat for Android version 7.0.4 suffers from a denial of service vulnerability.
4a34dd1ffc3e2c9c22ad7a167a1a31609f8705b1c7a9cca57b5719f7a47e4eedVMware Workstation versions prior to 15.1.0 suffer from a dll hijacking vulnerability.
84c95f42a6e145a6ace3256e81d274918132a3ba3bfe12ee4ec44c3e3674f8e5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed