This Metasploit module exploits an arbitrary file upload vulnerability in FlexDotnetCMS versions 1.5.8 and prior in order to execute arbitrary commands with elevated privileges.
47b81343e2c7ec2c740cde41827515920f9357ae6d5bec55de8ab24845c398f4OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242Red Hat Security Advisory 2020-5379-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.
987fc6352ad4543fccbee7d27a5be317761dfe825bda8e3c12f82b0211c01e75Red Hat Security Advisory 2020-5372-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser.
ab304a550dc3df7a547c9f4b013999a8df5d647801cc107297c38358b7f8b71dRed Hat Security Advisory 2020-5369-01 - The microcode_ctl packages provide microcode updates for Intel. Issues addressed include an information leakage vulnerability.
5d8deac190de5db61a2d54f0c631584dd9ffc0ca388161c03570c1bf590b4480Ubuntu Security Notice 4656-2 - USN-4656-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
256a56f5fc88fd65518912b573cfd4e3fbafff47dd7dc2dac9560497080ab47eDup Scout Enterprise version 10.0.18 suffers from a remote buffer overflow vulnerability.
0d9e00f68aff1390cbf778030b3bad1d0909dfe43398e6e3d52770cce05d2f4bDruva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability.
bea8421c672e643ef68b0807bd851677d620618aa81d41bcb9baf9ae9e521007Employee Performance Evaluation System version 1.0 suffers from a persistent cross site scripting vulnerability.
4d1ffa5f892dd086e290f6c9a4de9b1797f3c7cb61722d70f9519527a3acfe60Red Hat Security Advisory 2020-5374-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
fddc7b9930f8b629fd1cc7b4b5a9083df59aa7f16cbdc9c437a9e83e3ca5ffb7Whitepaper called API Security Overview that discusses different types of flaws and exploitation of API insecurities.
19487e6fb12e5fd2ce1d15d579fca1015fa6eb99c113ccce6a7fd2ae4947256bRed Hat Security Advisory 2020-5365-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.0 serves as a replacement for Red Hat AMQ Broker 7.7.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting and server-side request forgery vulnerabilities.
8697b746ab2a47b1d90f0bb825389950884d10f9f4396d03dd356147283c114fOnline Bus Ticket Reservation version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6125e99ca25695a42038812b51dbf6d89803e19a29980557e649fa49fb12f0faStudent Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability.
8392a0caf24c17f8a1d127d3504c635a3817ad69a9e9599d2137bd55a34b324eOnline Bus Booking System Project using PHP MySQL version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fbff8e118a7e5e64204407d45012b67fa50531c8633d30e8753f90ae09878de7OpenSSL Security Advisory 20201208 - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.
d48c1e3c5eb58b46a89fda9c0bae3907dd380c730114864f619b546510c72f3b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed