This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user.
ed156b4196a5a0b6a6fd8e554208ebb6ce6da15417fc57d837d2b7e65c35c174MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will need to connect to.
d15ef16680da0566fc6f0cd17aa36d661420fd2c8fbf3f002025e66fc8acc462Ubuntu Security Notice 5545-1 - Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations.
df1ade419034de9ac52eb21a326406be8cabba33c20738622b11bea7eb141d29Ubuntu Security Notice 5463-2 - USN-5463-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Roman Fiedler discovered that NTFS-3G incorrectly handled certain return codes. A local attacker could possibly use this issue to intercept protocol traffic between FUSE and the kernel.
129ca2bac42b3a2a63a3ac46591acf02478ace900a70c46b3768b8b76eb57862Multi-Language Hotel Management 2022 version 1.0 suffers from a remote SQL injection vulnerability.
0c11ae5ed3c1b7202d2009cb0d1807126f6bde6b8e241059c3663ab7153e0cf7IObit Malware Fighter version 9.2 fails to provide sufficient anti-tampering protection and that shortcoming can be leveraged to escalate to SYSTEM privileges.
c6e27a8d7b7645ace9a03e1d2218ca5e5bdc9d279978795484de8145fd043895
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed