This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.
942c0ce311ce709dd7c1790955789b1f88040cee422935d166bdf0e150147703
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
993c91ea03b2eecab50695a5fc31b4fb0991af53fe6736e3e45cd8bd255ed1d4
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
e8e484a5973b3a86d0f5e9f00e728ee585979a72e846bdd2d4f13a5cc032d6ee
Red Hat Security Advisory 2020-2824-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.
6c84acd38b40987a084c4304884a54a90d2f683f9b887fbe6a3b1f997b088baa
Red Hat Security Advisory 2020-2823-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.
e7842fbbcf3bae47b075a53a2a176c7fd73322cb94b6f298a861b649a712e938
Ubuntu Security Notice 4417-2 - USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Various other issues were also addressed.
8cc46dfd734fdf34a52d97e8b2f176253a381484125d0877cf205886992e0c63
Ubuntu Security Notice 4418-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
ff848b0d4adb287d6946f1d2779e5a0b418a304a2e30908517e2d9796b99af2a
RSA IG+L Aveksa version 7.1.1 suffers from a remote code execution vulnerability due to an authorization bypass issue.
16bc444575b590b35b69a5534bc7552c0f81d8f9daaa2cefa85554c9f8e4c8ce
VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
ad2b385769262f6b82c11eb32205aa58cc8946448f0a2abb7f3f31a2dd608b59
Sophos Secure Email Android Application versions 3.9.4 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
564bf74464507abc31328cd13ce11650838cbcc6c851afff00c70b4726aa428c
Red Hat Security Advisory 2020-2789-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
1c6ccb253794abb733d3e31d483f7d098517d3dbfc1b095f37484c46fa921578
Ubuntu Security Notice 4417-1 - Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys.
b07d3665f6e61dc3a025ddaae562a72a3dcc898d1de9424f2cdc5635f505f6b2
rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cbf3ed802e825293535183521f91de02e124c6d128407bab90d18f025301d703
Red Hat Security Advisory 2020-2825-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.
387f9e5699e149616d1ef8a5e43e2834a6bb5e6f6664c74912f4c8d7f805e18e
Fire Web Server version 0.1 remote denial of service proof of concept exploit.
f1c5f784404e86de0d149052c36a321e850e0a3f633de7e5dc821c983f309360
Red Hat Security Advisory 2020-2793-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
84502dfeaf7db15db93c0789f14c26a6666025ac7ed55efbf4106f93bfbd7e18
Ubuntu Security Notice 4416-1 - Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
ad00074c48095e1094b2946c458fba7c26cd42996ac22eb17a94175a5a0b9a15
Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.
c8065ab61aa72b884d87befb918a614c7f8f98f327a9db383fbbd87f7aae2874
Red Hat Security Advisory 2020-2819-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.
da4450cf4e2bcbd352894ad1eff64d6fd639ded1098d6ed09525c7551fbd15ef
Ubuntu Security Notice 4415-1 - Felix Doerre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. It was discovered that coTURN web server incorrectly handled HTTP POST requests. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. Various other issues were also addressed.
321d1146672c0be1922e159ad05e21957107127cde0fb58973b870f004a8f676
Whitepaper called Assembly "Wrapping": A Technique for Anti-Disassembly.
bcb4bfdb398a855f8452d150dbc37b847398d22915dd193c3a2e4236a1738ed1
Red Hat Security Advisory 2020-2790-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
0eeb80c2dc144e4e3d5f99db187c534b626e68a34e5c09ca37fb3aa16b0dbba7
Red Hat Security Advisory 2020-2792-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a server-side request forgery vulnerability.
aebf3b0588993a60453d917fb1503f3720fd2b0796dae569921d987fd81d1bf4
Microsoft Windows mshta.exe allows processing of XML external entities which can result in local data-theft and or program reconnaissance upon opening specially crafted HTA files.
c2f70b789eac66e7e0227b39147f2ee878460b9df5a5059f2aa17a51234cda97
Grafana version 7.0.1 denial of service proof of concept exploit.
c2b33824f0c2688564f8f963b13b5ec71fc672bdd9957ef87ebc449f73ba2c64