This Metasploit module exploits a vulnerability in Bludit. A remote user could abuse the uuid parameter in the image upload feature in order to save a malicious payload anywhere onto the server, and then use a custom .htaccess file to bypass the file extension check to finally get remote code execution.
44b13fc33bc85981452f45311edc6929Red Hat Security Advisory 2019-3839-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
6b3e9bdc6601c210019426089b80c98bRed Hat Security Advisory 2019-3840-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
122661e3161dcc7ffa34a6e227618e0fRed Hat Security Advisory 2019-3843-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
fc976043aef943127edef3fa7e795ea9Red Hat Security Advisory 2019-3842-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
23963054c9b77d966e080a8a1a23fbc7Red Hat Security Advisory 2019-3844-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
d2379e2d72bc087152527f6d0d934733Red Hat Security Advisory 2019-3841-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
8b3c983d4dfa8c156f19beb1f278acbbRed Hat Security Advisory 2019-3836-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
e6233f1b4e0916b94249c64513f00cd3Red Hat Security Advisory 2019-3834-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
8e83cb8a5cb029838c91ed80e32e91a9Red Hat Security Advisory 2019-3838-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
5d1fa5239d1b98f4fb950bb84ef2c2f6Red Hat Security Advisory 2019-3837-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
6808d04854c11e0017a137bfd2ae63daRed Hat Security Advisory 2019-3860-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
3ca7dcd1a261883687dda1628f85918dRed Hat Security Advisory 2019-3832-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
655c81d296e08d9cfdf0ee712b6a57dfFreeBSD Security Advisory - Intel discovered a previously published erratum on some Intel platforms can be exploited by malicious software to potentially cause a denial of service by triggering a machine check that will crash or hang the system. Malicious guest operating systems may be able to crash the host.
16e31a62d192ef837fe70cb34d0748beFreeBSD Security Advisory - From time to time Intel releases new CPU microcode to address functional issues and security vulnerabilities. Such a release is also known as a Micro Code Update (MCU), and is a component of a broader Intel Platform Update (IPU). FreeBSD distributes CPU microcode via the devcpu-data port and package.
3f292061289055eb717818fe052c4a7bDebian Linux Security Advisory 4564-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
c9f2f8f2ab7eb7ff20f4ea3572236714Red Hat Security Advisory 2019-3835-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
3688b3de3f8c912e4dfbe12dd144983aRed Hat Security Advisory 2019-3833-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
a9035e36d707ae6b854892c7780e1099This Metasploit module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env(1) command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulse_secure_file_disclosure for a pre-auth file read that is able to obtain plaintext and hashed credentials, plus session IDs that may be used with this exploit. A valid administrator session ID is required in lieu of untested SSRF.
c74c7def1a1eed3c783bc01c33aa4259This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.
441242f216fc75457eaee333db550449Ubuntu Security Notice 4181-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
d2ed637960fd61223d19e006ebfa327bPrima Access Control version 2.3.35 suffers from a persistent cross site scripting vulnerability.
ebbe11b64bcf2c75a9fda017ed7cf988Prima Access Control version 2.3.35 authenticated python script upload remote root code execution exploit.
117f749e7f2c75221ff5de44fb05a88aThis Metasploit module exploits a command injection vulnerability in the Linear eMerge E3 Access Controller.
10ce46aa8da29e972a327cb675669d8eFlexAir Access Control version 2.3.38 authenticated remote root exploit that leverages command injection via a SetNTPServer request.
cf54608f4937667e47f6bc6cb218dd77
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed