This Metasploit module exploits a vulnerability in Bludit. A remote user could abuse the uuid parameter in the image upload feature in order to save a malicious payload anywhere onto the server, and then use a custom .htaccess file to bypass the file extension check to finally get remote code execution.
446227cfe4396e17a646d44fe472ff2d78be469000650a8277e08728e69d08a8Red Hat Security Advisory 2019-3839-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
773cd33a166b714dd70f0bde932970729dc1937e30fd3a28edb5c551dd28558bRed Hat Security Advisory 2019-3840-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
9c4b4a7a93578e3beae85cc79e205e8591dad3a769b82bec868ac7d60eadb4c5Red Hat Security Advisory 2019-3843-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
72092f8f82ad8e850287e6b67ae24e1dce7e2a918299ebcb4953ac548c3e03b4Red Hat Security Advisory 2019-3842-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
67fc5f3bc668d2fe27e987c37cd0fc1e8afc424a75b6cfc5c6051417fc96dcfeRed Hat Security Advisory 2019-3844-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
06ca565ed36b6d19771da8c4916449fa36ddfe578adb3b3cf7d45f31ca500fb4Red Hat Security Advisory 2019-3841-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
1198cfdb9658e3e124180052cd82ea409dea32e815e5b7a67d4fc24867dddaf6Red Hat Security Advisory 2019-3836-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
a91afe76636b6f149dc5059d07e3e242a1111b66c911b102d080eb51686a178bRed Hat Security Advisory 2019-3834-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
a24db6e0162bea8d6faee97b8e55955ce91f5ed22db7e094e3444bf3301efd7aRed Hat Security Advisory 2019-3838-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
2cfc57ad66b2e71bc2cb4240cf4159b593f32f381ea4e82efcfcf8d481b53557Red Hat Security Advisory 2019-3837-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
e794039edd0d26d6cb7e24974ceda1a4b850d96551a8d83fbc6968679edcee86Red Hat Security Advisory 2019-3860-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
d3bfcea5fbe429d208801e5aaffdb1adb6aa56d30aa58decfc4064829173d684Red Hat Security Advisory 2019-3832-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
ea28f8d2c1c21ae910e5e7fb1210f21ecc5d7a925fec571a4e56e23e3b835158FreeBSD Security Advisory - Intel discovered a previously published erratum on some Intel platforms can be exploited by malicious software to potentially cause a denial of service by triggering a machine check that will crash or hang the system. Malicious guest operating systems may be able to crash the host.
136279366752dfb4e0c2529e71b4b97464d958bd1c62cdd82d59cff6ffd2444cFreeBSD Security Advisory - From time to time Intel releases new CPU microcode to address functional issues and security vulnerabilities. Such a release is also known as a Micro Code Update (MCU), and is a component of a broader Intel Platform Update (IPU). FreeBSD distributes CPU microcode via the devcpu-data port and package.
23eef89d8eeb80cd7f3d30fda491fafe5e3fa0290ff6e657bb63731a35babb3cDebian Linux Security Advisory 4564-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
59c27079a31702e897cbf30fcf5ef9e412e9e9662564394bded4827560ab30d1Red Hat Security Advisory 2019-3835-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
2df2b21d7a4cfa6067f20b1e6244936ad6692a08705ffbeba37bf5c6ff31c97fRed Hat Security Advisory 2019-3833-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
93861f502d8798738a848b860fe8bae370ed66ba1a722d2b1cd17e4a3a3b7cd3This Metasploit module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env(1) command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulse_secure_file_disclosure for a pre-auth file read that is able to obtain plaintext and hashed credentials, plus session IDs that may be used with this exploit. A valid administrator session ID is required in lieu of untested SSRF.
6674132172219a30d7cdc8c399117a3d4c424e9e997b7824e6b1a2c5163f1072This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.
cdb60dbe662ae825c2e68b4e3467951ff4065037e1a4c7ab93afe4fd720eaf44Ubuntu Security Notice 4181-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
d5c06642d477e5bf767b6603fa11649605d05345201f1018590eb9fc7aa7aaa2Prima Access Control version 2.3.35 suffers from a persistent cross site scripting vulnerability.
8b2e7861d4f8c7ee669307e7c29c4f9f3d4b20c796b9c779252c47472a2494d7Prima Access Control version 2.3.35 authenticated python script upload remote root code execution exploit.
405b9a11a2bf84c4af41e76024a58abcadf4203d2e618a80413892eb14c95119This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3 Access Controller.
5b73f12cfb4a017aea5a1feb55cc647357e0dda86acd65b321c90401fe9aac24FlexAir Access Control version 2.3.38 authenticated remote root exploit that leverages command injection via a SetNTPServer request.
4eb885a606ec1e9bced19210361d829b8f03cf81cbe8b208d4f780561f9cb3b6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed