This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user (such as Guest) can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will result in automatic code execution as SYSTEM. This module has been tested on OBM 2020.05, but it should work out of the box on earlier versions too.
9f7b81606219444bc6266e1abaa5acdb608ceef1654125907f4811cfd79d69d4This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.
5ec6676b8d5b72c304f3f383a6b3a1bbcb4df27ceff247690cd2cd511bbf75bbUbuntu Security Notice 4735-1 - Heikki Linnakangas discovered that PostgreSQL incorrectly leaked values of denied columns when handling certain errors. A remote attacker could possibly use this issue to obtain sensitive information.
98a4b641e5f3853e4d74ce985410ee3298826ef259d051ee8a6d298ce2263a90Red Hat Security Advisory 2021-0508-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.
2e40517124e6a1b0e674b5461e5032420a2dbe4304226c89bf0d45f6884393a8Red Hat Security Advisory 2021-0507-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.
9f1810be1352c689fd5a00e108cd0b88fdd23d2d41999fc666e3c80995c89093Red Hat Security Advisory 2021-0509-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.
fa36ca745d40b4d33ccd5fc090900347a56a25f3444c00359474093e87116194This whitepaper is a guide to using FTK Imager for digital forensics.
3c78ef29175142feb10177e89ff96cbd355c362ecc8bb3edd23f41ce3f657e0fBackdoor.Win32.Cafeini.08.b malware suffers from a missing authentication vulnerability.
42b334aea82507140ecc84d70e3e827069455b64df4111d0bb8d29ceb5e02d14Tasks version 9.7.3 suffers from an insecure permissions vulnerability.
34474c1341eac6f136ec7254f9ed8fbb18fedc8d01a19c336a68c726d9b5ee48
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed