This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user (such as Guest) can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will result in automatic code execution as SYSTEM. This module has been tested on OBM 2020.05, but it should work out of the box on earlier versions too.
9f7b81606219444bc6266e1abaa5acdb608ceef1654125907f4811cfd79d69d4
This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file passes the "user" HTTP POST parameter to the PHP shell_exec() function without appropriate input validation, allowing arbitrary command execution as the apache user.
5ec6676b8d5b72c304f3f383a6b3a1bbcb4df27ceff247690cd2cd511bbf75bb
Ubuntu Security Notice 4735-1 - Heikki Linnakangas discovered that PostgreSQL incorrectly leaked values of denied columns when handling certain errors. A remote attacker could possibly use this issue to obtain sensitive information.
98a4b641e5f3853e4d74ce985410ee3298826ef259d051ee8a6d298ce2263a90
Red Hat Security Advisory 2021-0508-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.
2e40517124e6a1b0e674b5461e5032420a2dbe4304226c89bf0d45f6884393a8
Red Hat Security Advisory 2021-0507-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.
9f1810be1352c689fd5a00e108cd0b88fdd23d2d41999fc666e3c80995c89093
Red Hat Security Advisory 2021-0509-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.
fa36ca745d40b4d33ccd5fc090900347a56a25f3444c00359474093e87116194
This whitepaper is a guide to using FTK Imager for digital forensics.
3c78ef29175142feb10177e89ff96cbd355c362ecc8bb3edd23f41ce3f657e0f
Backdoor.Win32.Cafeini.08.b malware suffers from a missing authentication vulnerability.
42b334aea82507140ecc84d70e3e827069455b64df4111d0bb8d29ceb5e02d14
Tasks version 9.7.3 suffers from an insecure permissions vulnerability.
34474c1341eac6f136ec7254f9ed8fbb18fedc8d01a19c336a68c726d9b5ee48