Ubuntu Security Notice 4116-1 - It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code. Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. Various other issues were also addressed.
b73564f87dfc581b5bd179a2b32bdd4fb0dc2588d71e0178cda6933e79afaedd
Ubuntu Security Notice 4117-1 - It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. Various other issues were also addressed.
08931d3a174297788ef3a8a0259a69406ef81389b33e15ab37700c7d4e440f45
Ubuntu Security Notice 4115-1 - Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service. Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
08121c3db54d152e12d06507d23ec168fbb76db1ad82346d206b3edabc68482d
Ubuntu Security Notice 4114-1 - Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
1dee506c19101cc9ecccc15a1f0ec6678dc9b18f2bb7378476509f6e646cc9f8
Debian Linux Security Advisory 4512-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.
a94255a4f19aff011ae8a226419945574696c26c3d6c0a31e0ba2f7878f43905
This archive contains all of the 159 exploits added to Packet Storm in August, 2019.
3dd8a39fc216f8df95e0ace7c9b1a9f4bbddd8c72944bec14883692d00f677ab
Gentoo Linux Security Advisory 201908-29 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in the arbitrary execution of code. Versions less than 2.3.7.2 are affected.
cddba783a17794365464d8147d620763c2579d8620bb0ccfc1692937e1db247c
Red Hat Security Advisory 2019-2593-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include a buffer overflow vulnerability.
ae38562107556cd0422ff52010969b12e31bfac7984742c1f543e664c4d7d7c4
The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass that allows the attacker to authenticate as an administrator. The second one, CVE-2019-1936, is a command injection in a password change form that allows the attacker to inject commands that will execute as root. This module combines both vulnerabilities to achieve unauthenticated command injection as root. It has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.
88e2661eac6ae7e8e4a10814c6417ce137ece9446d83413cd0c6813936fdb7e1
This Metasploit module attempts to gain root privileges by exploiting a vulnerability in ktsuss versions 1.4 and prior. The ktsuss executable is setuid root and does not drop privileges prior to executing user specified commands, resulting in command execution with root privileges. This module has been tested successfully on ktsuss 1.3 on SparkyLinux 6 (2019.08) (LXQT) (x64) and ktsuss 1.3 on SparkyLinux 5.8 (LXQT) (x64).
60b05f9c8dd9618a16984179687837c73ed7d9f5164d7df7821f81dfa103046c
This Metasploit module attempts to gain root privileges by blindly injecting into the session user's running shell processes and executing commands by calling system(), in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit ptrace. This module has been tested successfully on Debian 9.8 (x64) and CentOS 7.4.1708 (x64).
fdcbf0c4d9e341553a52dec31cde80eee431ecb79d69538c1c636d8d6742a5ca
This Metasploit module abuses a known default password on Cisco UCS Director. The 'scpuser' account has the password 'scpuser', which allows an attacker to log in to the virtual appliance via SSH. This module has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.
94bda7121e042ee09228bf74bbf6f0d5581de7fd36faaa0ab4e892b49f16f89e
DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).
94163d73db872c81ba5ce8506f3d9deded66f21e352e87fbb9269f202301c37e
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
2c771b51eb75ada179bdbfecb74aebaee8b16721ebc04a5e5d918a82a211ed0a
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
44669d0ca2568d7595877d80ab1a36fe6f683a4382a1779459c7db5a7accd14a
Ubuntu Security Notice 3934-2 - USN-3934-1 fixed a vulnerability in Policykit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations. Various other issues were also addressed.
13db2b49515621a4f2d04fc157919dafa07b9c4e91f83f5c1eb644a170dc9033
Cisco IronPort C150 suffers from a remote host header injection vulnerability.
ce45780afb7f4d877adb44119292a4a17c67e3b1648fbbc8fcca7490240237a5
Microsoft Outlook Web Access build 15.1.1591 suffers from a remote host header injection vulnerability.
3851e7b6f8702511bfebd9d28508518b1088e01005f6b566164e025598a95b29
Red Hat Security Advisory 2019-2586-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.
e9a6da2cc33b1e47335b16e1a2545f3c3021eb369deb13f3ec98de73f601b042
Alkacon OpenCMS version 10.5.x suffers from multiple cross site scripting vulnerabilities in the Apollo Template.
8bf3e5a073471ff188f98fcbf775d29f189029f2b11444b3903fcae2053c8ac8
IntelBras TELEFONE IP TIP200/200 LITE version 60.61.75.15 dumpConfigFile pre-authentication remote arbitrary file read exploit.
802161fa7d70ec4e78c8e085633687df6199ec0de00907a04fd5cda9440a8246
Gentoo Linux Security Advisory 201908-28 - A vulnerability in the GNOME desktop library may allow attackers to escape the sandbox. Versions prior to 3.30.2.3 are affected.
068517b22b922ec18509168e3d60fc960e07d952d5d986e8f939668fc072d950
WordPress Event Tickets plugin version 4.10.7.1 suffers from a CSV injection vulnerability.
0864003e6cc1ad3e07ae78f2b5e63b5e36f381c317d68a27fe4cdb4f553686fb
Wolters Kluwer TeamMate+ version 3.1 with internal version 21.0.0.0 suffers from a cross site request forgery vulnerability.
9c9904018fb90a7c70010a0eccd32a66278cccb347c136edc61acdf8c6bc15d2
Red Hat Security Advisory 2019-2591-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.
19bbf1a95bfa25350e42bdf75e8b4542876b462182be13ab2c542a5491f7672e