This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys used by RAU. The default values used by this module are related to CVE-2017-11317, which once patched randomizes these keys. It is also necessary to know the version of Telerik UI ASP.NET that is running. This version number is in the format YYYY.#(.###)? where YYYY is the year of the release (e.g. 2020.3.915).
2f6a8f760339d2c83d483651740d009b85c87d1a8e03ca388c1ef83409e65051Red Hat Security Advisory 2020-4273-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include crlf injection and traversal vulnerabilities.
4c4d0b3638088fe5fc99f689641e53e9323ea17ebf76604548ac062a7d811b7fRed Hat Security Advisory 2020-4265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and information leakage vulnerabilities.
15089511e793e72f5d3e23eee9deb9ff52e35d5d604957f183139b632c9a90a0Ubuntu Security Notice 4593-1 - Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
febe229d6289829a933dc52199e594baab75d17e2d3c1a10f83ede00566d6988Gentoo Linux Security Advisory 202010-6 - Ark was found to allow arbitrary file overwrite, possibly allowing arbitrary code execution. Versions less than 20.04.3-r2 are affected.
7ce6012167204b1164242785146d2c17eabd6ae521889185777f34b6f57ce3c1Gentoo Linux Security Advisory 202010-5 - Multiple vulnerabilities have been found in LibRaw, the worst of which may allow attackers to execute arbitrary code. Versions less than 0.20.0 are affected.
214d144b9dd8115ee6eb752f69d8941cd9532ecbaf61be90953c491a6a0f0fafWordPress Colorbox Lightbox plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.
be785d6b6150f2af838ebd034a1931d0e03a35375261840865cac44167da652cRed Hat Security Advisory 2020-4276-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.
30e414e203f959072ef3c252bfa4108ae6fc999c4fb3b252e31ab879b7d1f16fAn unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux version of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTServ Maestro services.
47ea69c299460db10d186131b9f1c65c7396d9a132d29b4816b4093286ef4a74Ubuntu Security Notice 4592-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information. Various other issues were also addressed.
d7515239e07d687808da7fbe91f834dad13e673659a86c1dad1b6e475e380895Red Hat Security Advisory 2020-4290-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a use-after-free vulnerability.
634528d37f5b388b74c77a007a51db83c3747d3bf6d3beaada139cba85579cd1WordPress Rest Google Maps plugin versions prior to 7.11.18 suffer from a remote SQL injection vulnerability.
e6025006b8ce2e3cfcabeec432d9bc57bb38877f128d98224407cf302db914dbGentoo Linux Security Advisory 202010-4 - Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition. Versions less than 2.9.10 are affected.
3e1a1f46b77ba5156068d8caa6558fa0bb74bd6c8ba52736b22bcf734a309532This Metasploit module attempts to create a new login session by invoking the su command of a valid username and password. If the login is successful, a new session is created via the specified payload. Because su forces passwords to be passed over stdin, this module attempts to invoke a pseudo-terminal with python, python3, or script.
0257dbb6f700dec5660947d7221bfaf952f0706f6a22fd4c4a1b74364487bb23Red Hat Security Advisory 2020-4291-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
cf04bb9bfcf2d01d5987c87dfe4ae38f29f563e8b82a5c1f97198d98363d3077Visitor Management System in PHP version 1.0 suffers from an authenticated remote SQL injection vulnerability.
a3d7235a2e76acbc794c00b48c8a76f8062e50cc48e65ded0d4a9d7ecd78ac4dUser Registration and Login and User Management System with admin panel version 2.1 suffers from a persistent cross site scripting vulnerability.
e75970d0f2bc5bf21ee97be51f13e110881de35f7c8802fe4a39e4e3708d9fdeRed Hat Security Advisory 2020-4286-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.
8f7a24548cfe79a3658e4f63f2abba8cf6d601dde1625f973112d0508a84f92dGentoo Linux Security Advisory 202010-3 - An information disclosure vulnerability in libjpeg-turbo allow remote attackers to obtain sensitive information. Versions 2.0.4-r1 are affected.
4d2aef4117a1618ec9a35758a1b38d038857906ff83626ed37334f18aaf88099WordPress HS Brand Logo Slider plugin version 2.1 suffers from a remote shell upload vulnerability.
be9cc0e699b8de85afd3c6f744938c504dd3520789db58486b688dfce3a9c6f7Red Hat Security Advisory 2020-4289-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an information leakage vulnerability.
697afd2cc16ce67184c185acf1888e6cb30327a9ea1e639d63b640c467e815d5Ubuntu Security Notice 4591-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information. Various other issues were also addressed.
9e92faf34368121f7c8cf203fd068a5a684f38477adf3dac22437502d9d19dadUltimate Project Manager CRM PRO versions 2.0.5 and below suffer from a remote SQL injection vulnerability.
2285f33697185e1a0bdfb88fb34af2d8294c768cf175be4d6fa3b532b14a7811Apache Struts 2 DefaultActionMapper Prefixes OGNL remote code execution exploit.
8fc62c46ad7c22f69ed91bac27cf5de646a12ab72512eb056f4af8ee4edfc6baRed Hat Security Advisory 2020-4287-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and information leakage vulnerabilities.
01bef5346f503d03b012cd69911e6673dd749f654d1dd791e5eb09b23c87a2b3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed