This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable: no authentication is required, and the vulnerable service is reachable over the Internet. The stack is executable and no ASLR is in place, which makes exploitation easier. Successful execution of this module results in a reverse root shell. A custom payload is used because Metasploit does not ship null-free ARMLE shellcode. This vulnerability was presented by the Flashback Team at Pwn2Own Austin 2021 and OffensiveCon 2022. For more information, check the referenced advisory. This module has been tested on firmware versions 1.0.03.15 and above and works with around 65% reliability. The service restarts automatically, so you can keep trying until you pwn it. Only the RV340 router was tested, but other RV series routers should work out of the box.
619682621429d96cd23a1e1bcd69a008398c5244223265886c52e2e417242d02
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
05a704e3c8f7792a17315080a21214a4448fd2452c1b0dd5226a3a55f90b58c3
Ubuntu Security Notice 5411-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass permission prompts, obtain sensitive information, bypass security restrictions, or execute arbitrary code.
000f629967ca92f7e1c38fe716cc7f512431d6be87f751d10c253c7ae9867eb9
Ubuntu Security Notice 5412-1 - Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. Florian Kohnhäuser discovered that curl incorrectly handled returning a TLS server's certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service.
477ec6bff1dfd28bf6df200de8f8540192a02b1e6306fa486d364e719ff4bca8
Ubuntu Security Notice 5410-1 - Lenny Wang discovered that NSS incorrectly handled certain messages. A remote attacker could possibly use this issue to cause servers compiled with NSS to stop responding, resulting in a denial of service.
024993daf9b959e9075f012157b05fdba5d56fc13c1c2804f9ed1a134b8f5c7a
Ubuntu Security Notice 5259-3 - USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service.
2c9318e69fe86c3b063c4d4569574e3f0fdc2dd430d0ba5c56dd3604970268db
Red Hat Security Advisory 2022-2143-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a privilege escalation vulnerability.
1dd78cb5010aa67cb26eff9ab41d5b5ae1a7ad9e25239eb7b903a1f4ebbc32e5
Ubuntu Security Notice 5409-1 - It was discovered that libsndfile was incorrectly performing memory management operations and incorrectly using buffers when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a denial of service or obtain sensitive information.
db49ce893a7be6cad7941c2b0f489619a410cae85847f76f25e81325e7aa9ef0
Red Hat Security Advisory 2022-2043-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API.
e108f148a1af54fb45ba9b223d0fd6dc59250d1e1df679442e56a5005bfb99b4
Red Hat Security Advisory 2022-1861-01 - Maven is a software project management and comprehension tool. Based on the concept of a project object model, Maven can manage a project's build, reporting and documentation from a central piece of information.
249a471578a0e166c1bf04bd49be0dfb3e83c87515228add2979407259b40218
Red Hat Security Advisory 2022-1810-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow and denial of service vulnerabilities.
ed90db77dc4754094e0035cc37fe0c1e014c1073c5cdaae5a6cd9da78e2c94da
Red Hat Security Advisory 2022-1891-01 - The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Issues addressed include a man-in-the-middle vulnerability.
c9a7296d1a71246f4b2d4b8532ac64f74c709cf24b40b9e1ce43a8d61aa3d537
Ruijie Reyee mesh routers with ReyeeOS version 1.55.1915 EW_3.0(1)B11P35 and EW_3.0(1)B11P55 suffer from a remote code execution vulnerability.
9905dae507eb8530625d18dd769fb31462b102ba1ef93e4d98767d53ee920b23
Red Hat Security Advisory 2022-1793-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
ba73cb076e2c93a730d5c8be5374efa35feae9e9c237d929b45b58e4214a5b2a
Red Hat Security Advisory 2022-1988-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, memory leak, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
37a2bc5df5427ed04000a8d10823bd2aed8f25a960acdbe741e5cfa028d617df
Ubuntu Security Notice 5408-1 - Petr Menšík and Richard Johnson discovered that Dnsmasq incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or expose sensitive information.
c554abd3b87cedcca8fb710f87269836e34176f35f87a48972d115b1baeadfb0
Red Hat Security Advisory 2022-1759-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, integer overflow, null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
cf2c26724e7650e1aeb0964cd78478438588a1ed37ddff36eb738dc4866cc442
Red Hat Security Advisory 2022-2120-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more.
cad6b69e64623ac3d744ea4e012aea789f4ebb8fab7d528559b72331b27bbf9e
Joomla SexyPolling version 2.1.7 suffers from a remote SQL injection vulnerability.
24467bea113b84b81b21b6432a86a6b8f1a19434f5022bdee1963531502e80e0
Red Hat Security Advisory 2022-1964-01 - Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet for retrieval. Then Fetchmail forwards the mail through SMTP so the user can read it through their favorite mail client. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.
56a9423de5b90a5b76974fef202cb8350dc94cd1c401b9fb36ecb0edbd6e7fed
Red Hat Security Advisory 2022-1934-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include an open redirection vulnerability.
cd22467c5deb02cfb2a99534037b75de668bae052a0c6acc812a499eab8dc198
Red Hat Security Advisory 2022-2110-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
78a5d3eabf050e4cfed97bbd2723a1ba8f9280371bd305e134463c7ed7c9afb2
Red Hat Security Advisory 2022-2074-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include information leakage and null pointer vulnerabilities.
2d52674dfcaed1f26597914b479f44cf4035e5edfcf4d33b36ee71c6d642ddce
Red Hat Security Advisory 2022-1679-01 - New Cryostat 2.1.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes as well as security issues being addressed.
666cf4c0aa77f72ac31f23b9f9d974267e3b3c18f0cc58fb4f29f1e839a1f3e8
WordPress Blue Admin plugin version 21.06.01 suffers from a cross site request forgery vulnerability.
565e1dfee9a847dbd07998efdff9ee95a2f3f8e9796f37efdf64ce435d785ed9