This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user (such as Guest) can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will result in automatic code execution as SYSTEM. This module has been tested on OBM 2020.05, but it should work out of the box on earlier versions too.
77f9cc425e34582443acfd2b911fbd17
This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file passes the "user" HTTP POST parameter to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.
2fcde862940be1be38194631a27617e3
Ubuntu Security Notice 4735-1 - Heikki Linnakangas discovered that PostgreSQL incorrectly leaked values of denied columns when handling certain errors. A remote attacker could possibly use this issue to obtain sensitive information.
227bd67b06137ca52a640ada1774b34d
Red Hat Security Advisory 2021-0508-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.
eb61b758b555ec50f0ac409a62aa4084
Red Hat Security Advisory 2021-0507-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.
1bb75f2ea21590ae9482ff158cd79a65
Red Hat Security Advisory 2021-0509-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.
6f645a77557f90579f90871dbad31652
This whitepaper is a guide to using FTK Imager for digital forensics.
e0ed582817040b408c863c6170fd0ee2
Backdoor.Win32.Cafeini.08.b malware suffers from a missing authentication vulnerability.
1cea2af1a8cbab60a7143aaed75361c4
Tasks version 9.7.3 suffers from an insecure permissions vulnerability.
6cf9f87a977b5946ea58a032c3d29b40