This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.
07a638401a07dae3fe0cc15b5a196965The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
1dcf1f6b7712852fbd463df5241736b6Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
e949cb34e77af181abdfa0f99f1bbf41Red Hat Security Advisory 2020-2824-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.
04a7cdccc509e40d553224fbc5d269e9Red Hat Security Advisory 2020-2823-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.
2fdf47cd71242eae7e056c3735e53336Ubuntu Security Notice 4417-2 - USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Various other issues were also addressed.
6beff0f6338dd54f6fb90b69d9a0df10Ubuntu Security Notice 4418-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
5d0c63ae06263e9ba6a5f62e7a671b92RSA IG+L Aveksa version 7.1.1 suffers from a remote code execution vulnerability due to an authorization bypass issue.
7f8a7faeaf6a30052a2f2e03d4e71999VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
82d37852c91e2ee7b39bd7164fcdcea8Sophos Secure Email Android Application versions 3.9.4 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
0af4af6cc034077229b0fc5e55b878d0Red Hat Security Advisory 2020-2789-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
81a1bfe33e453b7550fc9feb09fc88b4Ubuntu Security Notice 4417-1 - Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys.
e9274f982c4cc0c30bfbf3a764a56313rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2e87055a57f33f9b29edeaf78101e3e4Red Hat Security Advisory 2020-2825-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.
4dacbdd82dac1d8f815059abe37f4899Fire Web Server version 0.1 remote denial of service proof of concept exploit.
cf922f7b9acdf5e4a7459a6f7875b4dcRed Hat Security Advisory 2020-2793-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
f610637cab987dce2b3dabcaa2af890bUbuntu Security Notice 4416-1 - Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
975e041e3d37f449a833dd5fe6546f60Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.
31691ce3c81c37946e036a7240a1b83fRed Hat Security Advisory 2020-2819-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.
d9454eedd50c4772984258dc5beb8b94Ubuntu Security Notice 4415-1 - Felix Doerre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. It was discovered that coTURN web server incorrectly handled HTTP POST requests. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. Various other issues were also addressed.
11f9ee05e1860d5ec55b80a92f75d1b8Whitepaper called Assembly "Wrapping": A Technique for Anti-Disassembly.
47e084698e68187ea5222a31c0d9a875Red Hat Security Advisory 2020-2790-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
7d7433ab81392d8ee2a3b1f29098b275Red Hat Security Advisory 2020-2792-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a server-side request forgery vulnerability.
d5553c3c530f3a9fa60b585f4bb3649bMicrosoft Windows mshta.exe allows processing of XML external entities which can result in local data-theft and or program reconnaissance upon opening specially crafted HTA files.
3d485c03f4489132e6fd1b36a2775fe9Grafana version 7.0.1 denial of service proof of concept exploit.
33392e953ed4c0751cbb690ba0307eb9
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed