This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.
942c0ce311ce709dd7c1790955789b1f88040cee422935d166bdf0e150147703The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
993c91ea03b2eecab50695a5fc31b4fb0991af53fe6736e3e45cd8bd255ed1d4Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
e8e484a5973b3a86d0f5e9f00e728ee585979a72e846bdd2d4f13a5cc032d6eeRed Hat Security Advisory 2020-2824-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.
6c84acd38b40987a084c4304884a54a90d2f683f9b887fbe6a3b1f997b088baaRed Hat Security Advisory 2020-2823-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.
e7842fbbcf3bae47b075a53a2a176c7fd73322cb94b6f298a861b649a712e938Ubuntu Security Notice 4417-2 - USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Various other issues were also addressed.
8cc46dfd734fdf34a52d97e8b2f176253a381484125d0877cf205886992e0c63Ubuntu Security Notice 4418-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
ff848b0d4adb287d6946f1d2779e5a0b418a304a2e30908517e2d9796b99af2aRSA IG+L Aveksa version 7.1.1 suffers from a remote code execution vulnerability due to an authorization bypass issue.
16bc444575b590b35b69a5534bc7552c0f81d8f9daaa2cefa85554c9f8e4c8ceVIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
ad2b385769262f6b82c11eb32205aa58cc8946448f0a2abb7f3f31a2dd608b59Sophos Secure Email Android Application versions 3.9.4 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
564bf74464507abc31328cd13ce11650838cbcc6c851afff00c70b4726aa428cRed Hat Security Advisory 2020-2789-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
1c6ccb253794abb733d3e31d483f7d098517d3dbfc1b095f37484c46fa921578Ubuntu Security Notice 4417-1 - Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys.
b07d3665f6e61dc3a025ddaae562a72a3dcc898d1de9424f2cdc5635f505f6b2rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cbf3ed802e825293535183521f91de02e124c6d128407bab90d18f025301d703Red Hat Security Advisory 2020-2825-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.
387f9e5699e149616d1ef8a5e43e2834a6bb5e6f6664c74912f4c8d7f805e18eFire Web Server version 0.1 remote denial of service proof of concept exploit.
f1c5f784404e86de0d149052c36a321e850e0a3f633de7e5dc821c983f309360Red Hat Security Advisory 2020-2793-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
84502dfeaf7db15db93c0789f14c26a6666025ac7ed55efbf4106f93bfbd7e18Ubuntu Security Notice 4416-1 - Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
ad00074c48095e1094b2946c458fba7c26cd42996ac22eb17a94175a5a0b9a15Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.
c8065ab61aa72b884d87befb918a614c7f8f98f327a9db383fbbd87f7aae2874Red Hat Security Advisory 2020-2819-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.
da4450cf4e2bcbd352894ad1eff64d6fd639ded1098d6ed09525c7551fbd15efUbuntu Security Notice 4415-1 - Felix Doerre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. It was discovered that coTURN web server incorrectly handled HTTP POST requests. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. Various other issues were also addressed.
321d1146672c0be1922e159ad05e21957107127cde0fb58973b870f004a8f676Whitepaper called Assembly "Wrapping": A Technique for Anti-Disassembly.
bcb4bfdb398a855f8452d150dbc37b847398d22915dd193c3a2e4236a1738ed1Red Hat Security Advisory 2020-2790-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
0eeb80c2dc144e4e3d5f99db187c534b626e68a34e5c09ca37fb3aa16b0dbba7Red Hat Security Advisory 2020-2792-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a server-side request forgery vulnerability.
aebf3b0588993a60453d917fb1503f3720fd2b0796dae569921d987fd81d1bf4Microsoft Windows mshta.exe allows processing of XML external entities which can result in local data-theft and or program reconnaissance upon opening specially crafted HTA files.
c2f70b789eac66e7e0227b39147f2ee878460b9df5a5059f2aa17a51234cda97Grafana version 7.0.1 denial of service proof of concept exploit.
c2b33824f0c2688564f8f963b13b5ec71fc672bdd9957ef87ebc449f73ba2c64
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed