This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
326f81b545fe8313bbeed2d318b0e0e5050341b5d04a71833263a320f03d34afZeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
79f4f3efd883c9c2960295778dc290372d10874380fd88450271652e829811d2CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Nolio (Release Automation) in the DataManagement component. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA published a solution to address the vulnerability and recommends that all affected customers implement this solution. The vulnerability occurs due to insecure deserialization. A remote attacker may execute arbitrary commands by exploiting insecure deserialization through the DataManagement service.
314bbacc567ea848f967938952b1812d54c37c90a86c36a1035c553b80e17251DAViCal CalDAV Server versions 1.1.8 and below suffer from a reflective cross site scripting vulnerability.
1e3247ffa05b66e23aff44c536006d5a44e2b777e35efc4ecb47cde012955385DAViCal CalDAV Server versions 1.1.8 and below suffer from a cross site request forgery vulnerability.
3ba72e73d7da8d7cd6dc3b23935358e19e8957232d7f94a98c4abe2260bcd352DAViCal CalDAV Server versions 1.1.8 and below suffer from a persistent cross site scripting vulnerability.
d21fe829dfa49ef5635cecda3ecc3586cb8e1642ac384bf9cc8577a4fdf451d2Ubuntu Security Notice 4202-2 - USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
0508b25ed86166d9e8ad492da3dab33c26ea8d976fc0c2aaea774bea64b55912Debian Linux Security Advisory 4581-1 - Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.
bd5bc206398f2c858236193f8d1423d0d7c13056efb639821dc47e007a0886b1Ubuntu Security Notice 4220-1 - Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
b64faada40f1690c47afbe84c01e70a9543d9ba15bee65587867f07241e09abbRed Hat Security Advisory 2019-4195-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
647ee1916f058f5ff82d7aa09485987261a83061924b86719d9af91c8506243eUbuntu Security Notice 4219-1 - It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
4431479b354d66fc022ba565aef23c5e5b290bf3be3039210d70f2110572a75bRed Hat Security Advisory 2019-4190-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services libraries. An out-of-bounds write vulnerability was addressed.
c6309421d9f435509de27d878786d1b1be6de862683ea853d6042b272f929b5fRed Hat Security Advisory 2019-4192-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include a code execution vulnerability.
a8181d462928088e6908d3b9b6101794c0c839e1ee9f99c58e49ad2791503822Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
4d5975862e7808faebe9960def6235669fafeeac844cb76965501fa7af79d8c2Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.
d75945c0ef25d01e09b20bc238efc4643956f6efcb9ef7c60c5a3616439af4afInim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from a hard-coded credential vulnerability.
f1d5a23a767ec52a68545eb2ad5dc16b6827f7848f56e42399c0f89afd658373Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from an unauthenticated server-side request forgery vulnerability.
1ad1213e3c36af824a6cc1d43d296b476e47ee91265834d4a0555e2d6041df73Inim Electronics SmartLiving SmartLAN/G/SI versions 6.x and below suffer from a remote root command execution vulnerability.
02c053f6ab4d3da0f1fb70f85395b573cbb106c385b0a94a6e03e831fbf60634WordPress Scoutnet Kalender plugin version 1.1.0 suffers from a cross site scripting vulnerability.
dc1aa291b8bb0d98f7ee64b5239ae8996dfeff75588abfd2a7215d862ff5bbdeRed Hat Security Advisory 2019-4191-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.
df393d115db17ca7d5cc58fa98739292787d64b5fecc9f8dca94ee94518febfeUbuntu Security Notice 4218-1 - Jakub Wilk discovered that GNU C incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
df29784494505674a7e15ef613cb7906a0da073196456b4142c72d4f22417fa7Ubuntu Security Notice 4217-1 - Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations.
51b01c1767b0bdb132c8d865c0a4fae6ca8ba99c8b662d627473d2bc026ba909Red Hat Security Advisory 2019-4168-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
1a1691787b85ce9ab25f75a1ac2e3bcc905d125a5f1987cb3749d4a099331280Red Hat Security Advisory 2019-4171-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.
5caa21595d3f56f297935aeb707637a6b5e43535f4e7bd845f2c08d75fa892f1Red Hat Security Advisory 2019-4152-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. An out-of-bounds write vulnerability has been addressed.
d80f57e0335040e0050c95d5478f05c4687da2e6759b7d28e50f46b374ae3bac
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed