This Metasploit module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products: Operations Bridge Manager, Application Performance Management, Data Center Automation, Universal CMDB, Hybrid Cloud Management and Service Management Automation. However, this module was only tested on Operations Bridge Manager. Exploiting this vulnerability will result in remote code execution as the root user on Linux or the SYSTEM user on Windows. Authentication is required as the module user needs to login to the application and obtain the authenticated LWSSO_COOKIE_KEY, which should be fed to the module. Any authenticated user can exploit this vulnerability, even the lowest privileged ones.
13d48a0eedb076ba8ac83405342b8b011a20b72ca2d2e40597629ef5d018cdddMicrosoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links is disabled leading to elevation of privilege.
6bfe0cdda02d4fbe057af9ecc41a80c96bb55fbaab78a5397b48afe2eb1905a5Adobe Magento Commerce versions prior to 2.4.2 suffer from a cross site scripting vulnerability.
901c1af1587ebc9a26b154995ec271cad02931488eb9cef602e6b0bd29fa4817b2evolution CMS version 6.11.6 suffers from multiple cross site scripting vulnerabilities.
9bc033021181cc828f78a45246fdbf842d7af5b01e9360d87e262f8067d9e475b2evolution CMS version 6.11.6 suffers from an open redirection vulnerability.
c65ab83dc414ae0fd259db2445e3da796cf8cf06d6be4c9e872b07e92bd3283cUbuntu Security Notice 4713-2 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.
33006688440706d80f92159adf06335105a943bc106b735a9520e4fd9d365852Ubuntu Security Notice 4727-1 - Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.
a16e27e0082398c4fbe46c44037263e22c95d539682ec5f4d2b8f9445293b741Ubuntu Security Notice 4728-1 - Gilad Reti discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container.
f62b67ef889b9ee520de0fe63f88fb82946d64b109047879e30516ab1bbfe140Online Car Rental version 1.0 suffers from a remote shell upload vulnerability.
ef52bc0d2606bcba1852493116ccff6b1292008b1eeb3dc86915400ea5d0720eBackdoor.Win32.Aphexdoor.LiteSock malware suffers from a buffer overflow vulnerability.
8b6ccade23d3ec6d18ecf166c4a5516158a541bd323da2a669ba9d7a232ab203Node.JS node-serialize remote code execution exploit.
df946f2b586c535246f32b7e8ed6cf0ea4a79826574402c6b513172ffb1f4a21
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed