This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitable via the webshell technique. Furthermore, writing an SSH public key to /home/vsphere-ui/.ssh/authorized_keys works, but the user's non-existent password expires 90 days after install, rendering the technique nearly useless against production environments. You'll have the best luck targeting older versions of the Linux appliance. The Windows target should work ubiquitously.
ee1f708da8c9cdb296637b11bf11d0e1c52209633c21780eca035b11e77bfd1d
Red Hat Security Advisory 2021-0742-01 - The screen utility allows users to have multiple logins on a single terminal.
437f2bfdda5c0fc56efb4eecd8ca284298a0aca836e0ef7326a6f4f5210fe0a8
Red Hat Security Advisory 2021-0744-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
2e6cd2f2aa48f2dab5ac7f22f46c330f76fa89d51147b3e2905c8500fabfaef1
This is a brief whitepaper that goes over file transfer mechanisms that can be used on Windows and Linux.
bb53fbaa2dc352533456cf7d06a33392552c749b608b8e33b3b03227d97e1520
WordPress SuperStoreFinder and SuperInteractiveMaps plugins version 6.3 and below suffer from a remote SQL injection vulnerability.
73a1694918d5a2f9d941387ce01f030c65fcad3ffe2a24915402f7cf37671609
Red Hat Security Advisory 2021-0740-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
048635c872b32a23b29278a2afb2aadf3eccf738adcd36fe2c005413174b1e4e
Hotel and Lodge Management System version 1.0 suffers from a remote shell upload vulnerability.
d20002ffe974011cd852f0ec1bd6fc63fedd654ce04049e4db567922e6f15541
Red Hat Security Advisory 2021-0738-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
12274a6479dc143dd28b61d9ba2a1d5323611557367b8d4e291d8bae7d84acb8
Backdoor.Win32.Agent.bjev malware suffers from an insecure permissions vulnerability.
1593e70fc0a7f662f718ed8228bf8eea3ff24a55de73c3f6ac058ce858858800
Red Hat Security Advisory 2021-0741-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
8c3c63e0f5786d781a127450ef7748fd420fcac81e63e994e2f274c6f02e6d74
Remote SQL injection exploit for the Joomla JCK Editor plugin version 6.4.4.
b3f789cada9ae4a87a7651fb6539d99e2150cde8d64c477092a5ff94e4f17466
Joomla Matukio Events component version 7.0.5 suffers from a persistent cross-site scripting vulnerability.
9584c12148fc8617de3641746b4f0230d3311b6572cc96e3b21fd7b640b96953
Red Hat Security Advisory 2021-0739-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
12c26fe6e6fa4a03dc81642e079ff2e8e419dc0fd193507548d23ffb17214843
GLPI versions 9.5.3 and below suffer from a fromtype unsafe reflection vulnerability.
65d1ee0442efe75600cc5389749bb4e1e3ddf7de93e8f5468cef5c1ff8fe3f50
Backdoor.Win32.GTbot.c malware suffers from an insecure permissions vulnerability.
c2e392c163ebcd9f435c3e09cca9331026106f4740cac625a4044fbdc756e045
Red Hat Security Advisory 2021-0743-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
c0895bd122810f3e0483f5fa2672b0b4281d953314d74fe5dcece8867c53a06b
Backdoor.Win32.Antilam.14.o malware suffers from a code execution vulnerability.
d92bb20e133e9b419f1d5c28b5801d4da7c9f702ffb6c8ef3ed56c0a5ae2e911
Raptor is a web application firewall written in C that uses a DFA to block SQL injection, cross-site scripting, and path traversal attacks.
34a59934180dc4ec202e6e77747f7e92b07457fb6a80ea09fb608137ac914095
Print Job Accounting version 4.4.10 suffers from an OkiJaSvc unquoted service path vulnerability.
8ca737a7ce54df21a7e7e7054e07d0c5f530940557afb6207b19a4355cd674eb