This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will be unpickled, which causes remote code execution as the user who started Plex. Plex_Token is required, to get it you need to log-in through a web browser, then check the requests to grab the X-Plex-Token header. See info -d for additional details. If an exploit fails, or is cancelled, Dict is left on disk, a new ALBUM_NAME will be required as subsequent writes will make Dict-1, and not execute.
41eb0c77f9b7de3ab74e8c47a61a86c3WonderCMS versions 3.1.0 and below suffer from directory traversal, persistent cross site scripting, and file upload vulnerabilities.
c87a3407d183c31bf41f5245e885cf76Red Hat Security Advisory 2020-2989-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516. Issues addressed include a code execution vulnerability.
14077e694a12aa5ff8591c8a4e152415Apple Security Advisory 2020-07-15-5 - Safari 13.1.2 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, and use-after-free vulnerabilities.
fae2dd75505f460f265a5bb0c506f1b7Red Hat Security Advisory 2020-2988-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516. Issues addressed include a code execution vulnerability.
430ae72ff0f53548cd9b1b7467a94ae5SMB12 Information Gathering is a data gathering python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version (only supported by SMB1 as per protocol definition), DNS computer name, DNS domain name, NetBIOS computer name and NetBIOS domain name (SMB1 and SMB2).
ddda39cbd4570cf2fc5b7af60557808cSonar Qube version 8.3.1 suffers from an unquoted service path vulnerability.
cf5f27c462bfb0ea70bddae34b0d6346PMB versions 5.6 and below suffer from a cross site scripting vulnerability.
d58525ab917c37a46f62bd441a0c4336Apple Security Advisory 2020-07-15-4 - watchOS 6.2.8 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
3d5d573fe7b211101f6cd780461624f6Simple Startup Manager version 1.17 local buffer overflow proof of concept exploit.
04b3558b2a638d3ad2f31773374f1d75Several security issues have been identified in the VMware ESIx virtual machine monitor (VMM). A use-after-free (UAF) vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads.
d2417f8af8ebed99ebd6fdfff7a2c153Apple Security Advisory 2020-07-15-3 - tvOS 13.4.8 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
3f70ec352ebe5c029a760fd3924867c3Apple Security Advisory 2020-07-15-2 - macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra are now available and address buffer overflow, code execution, denial of service, out of bounds read, and out of bounds write vulnerabilities.
a61b35f8dbe9b3563ab08b9ba525a3caApple Security Advisory 2020-07-15-1 - iOS 13.6 and iPadOS 13.6 are now available and address buffer overflow, bypass, code execution, cross site scripting, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
930c08146b91758658c332bba05db932CMSUno version 1.6 suffers from a cross site request forgery vulnerability.
2dc520d23a1ef4ec186a4cdb1bb261d1Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
648a4a1b121aef29f6ad6efa41f49b08
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed