This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).
3e6540f0f1a2e09ac135f635d113e22b32dffae061cff0c1ae9ba68f036aa0a2
AVE DOMINAplus versions 1.10.x and below suffer from a credential disclosure vulnerability.
fb23f97bb7a796b24603f52ab2b6237866cb0d5e5d1fcbe46e9cb2975bf4d6cd
AVE DOMINAplus versions 1.10.x and below suffer from an authentication bypass vulnerability.
f4c090245182d4f6d5c066262ce9a85e46956fbae937da321ffabb01e83bb924
AVE DOMINAplus versions 1.10.x and below suffer from an unauthenticated remote reboot vulnerability.
a9ed27231fe14524b9a83ea6aec6bd283fc0d8952d4f7d92cb016a614a545fbf
AVE DOMINAplus versions 1.10.x and below suffer from cross site request forgery and cross site scripting vulnerabilities.
6dbdb199228eb07a4d22d2601beb616d58332dc982ea7ad25070d0a60cc50f85
Debian Linux Security Advisory 4593-1 - It was found that freeimage, a graphics library, was affected by the heap buffer overflow and stack exhaustion vulnerabilities.
4ebdd4858626576870687736dfb6bbf6dc59bf2ac9dcf517ef5a2dd786183e7b
Debian Linux Security Advisory 4592-1 - It was discovered that the Title blacklist functionality in MediaWiki, a website engine for collaborative work, could by bypassed.
bb20c7cf79bcabae820f69665eb8d16f0f0eb6ff267718a901d2578df8890394
Microsoft Exchange Server 2013 CU22 and previous versions suffer from an external service interaction issue.
97ae1cdfb14b6b4713dcecd41c04b196d03d7a204cae20790fa60f8db0e26eaa