This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will be unpickled, which causes remote code execution as the user who started Plex. Plex_Token is required, to get it you need to log-in through a web browser, then check the requests to grab the X-Plex-Token header. See info -d for additional details. If an exploit fails, or is cancelled, Dict is left on disk, a new ALBUM_NAME will be required as subsequent writes will make Dict-1, and not execute.
e2012f91e0f7c3c6e3c7a3f9dff3d5bbac47e45f6db5582aff00dfa52d4c1a26WonderCMS versions 3.1.0 and below suffer from directory traversal, persistent cross site scripting, and file upload vulnerabilities.
c8f9cd68ea4db3c53c6e6bf260ab07eced2819f903c6aa21f0fb40a29486efcfRed Hat Security Advisory 2020-2989-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516. Issues addressed include a code execution vulnerability.
b69255df338f904b339bf4b36978b0fb4141c2df774e4a3f607fc0fcbd5219c1Apple Security Advisory 2020-07-15-5 - Safari 13.1.2 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, and use-after-free vulnerabilities.
1b421a85bd25a29d1a8ef8a33834c09f9a1e2d31199a42034e2f2c283033a74aRed Hat Security Advisory 2020-2988-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516. Issues addressed include a code execution vulnerability.
b747e45fa3f1fdc80774047b2c6261f0c36c8cea9e6fdcf56bf3185740ea862aSMB12 Information Gathering is a data gathering python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version (only supported by SMB1 as per protocol definition), DNS computer name, DNS domain name, NetBIOS computer name and NetBIOS domain name (SMB1 and SMB2).
e713b9f00eeceaf145e55d75e97c40aaf051c7225870c50532a4c9110b7c13ddSonar Qube version 8.3.1 suffers from an unquoted service path vulnerability.
c44cba3fc030821c0c854200d28259db076bfb6550edb82330fb302301aa5a2bPMB versions 5.6 and below suffer from a cross site scripting vulnerability.
dda11415737c7cc9fab61abc37019075bdc7d65d53068e6a505fda7f637e488dApple Security Advisory 2020-07-15-4 - watchOS 6.2.8 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
eb240d249974b955ca5bf0d3f511e98a4a4c348c07ad76b26472bbb443145fceSimple Startup Manager version 1.17 local buffer overflow proof of concept exploit.
18da94ec10e6a2c71414c0b092afd9b2dbaf4a39221556209be7d7b337cea7f0Several security issues have been identified in the VMware ESIx virtual machine monitor (VMM). A use-after-free (UAF) vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads.
9736a651dce3d31a53e949929fa5e638854317668ea1eefa6f0e52872f79d3a2Apple Security Advisory 2020-07-15-3 - tvOS 13.4.8 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
5acc44b7c3608b4487fb2303f0083a567bcdde5f825774c8c6b7d087e636eea6Apple Security Advisory 2020-07-15-2 - macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra are now available and address buffer overflow, code execution, denial of service, out of bounds read, and out of bounds write vulnerabilities.
d95f20b4b23c2ac341545e9ac3c0ad384f7d69ead6709de54e59fc3a7be604a5Apple Security Advisory 2020-07-15-1 - iOS 13.6 and iPadOS 13.6 are now available and address buffer overflow, bypass, code execution, cross site scripting, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
a1083d1dcae4c16086a6b4d0fdbeb1f7753173e56db200075a539df34cf55741CMSUno version 1.6 suffers from a cross site request forgery vulnerability.
0ff79982a2ad6842fd7b67c8a2de490a0a35bc3a52eceb81b0d9ebf9df487342Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
cdbb5b159a9b52273839333395d310750b2d91be18f07fedd296b2c5472fa87e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed