This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.
40335e81c5e1920c59b3fa7d7b9555cf342eefb7151f937070f230f69f2b8ee3This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
1f2fa01d64e190544e661f442158ebf1f08cb719c08299334a3fc484cc386cd2AirSpot 5410 versions 0.3.4.1-4 and below suffer from an unauthenticated remote command injection vulnerability.
0453a46f41ec4c59c37a44bb644827c11fe0d7e8677419a16aefa00836c95383Sophos XG115w Firewall version 17.0.10 MR-10 suffers from an authentication bypass vulnerability.
caaaf298385288773c3e71845cbf340e5bbbc9ab2655ac84f91e638760b5551aUbuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
c885f38b774059929fa7229f706f1468b065d9a0e066149d46b5f404b4fda36cUbuntu Security Notice 5559-1 - It was discovered that Moment.js incorrectly handled certain input paths. An attacker could possibly use this issue to cause a loss of integrity by changing the correct path to one of their choice. It was discovered that Moment.js incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service.
fe596b86b638bc47b0fe957f167ddfe79c05169fb8234a0b5b8b4d39d00df4e2Ubuntu Security Notice 5561-1 - It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cross-site scripting attacks. This issue only affected Ubuntu 20.04 LTS. It was discovered that GNOME Web incorrectly handled certain long page titles. A remote attacker could use this issue to cause GNOME Web to crash, resulting in a denial of service, or possibly execute arbitrary code.
9973ace527cbf32f5526f709c8f797db2c055203bb74e2e7b0d7f3b387c1dd77Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
c2604c1404ab92e0e038e4eeaeed4c184a896885e1b0fbbc3ef5ae6df328db80Ubuntu Security Notice 5560-2 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
9074f1f7178d2158077da7331b9b96dca3ab1875c317daaedb241651b9c2b8e3Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
a156f85855d3dfab07d60c5d05ef3c9ea3d5a70c935227a3feb4443ce0a5e57aRed Hat Security Advisory 2022-6038-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
13d3ef77bac94846f6eddc57a82517b000d17a3b9df85470a20d94c6ac7a2ce7Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
30e00d08c07434f6fc92069d48ab3c33166cfe75f5097f3b4aae5ca92fe1476eRed Hat Security Advisory 2022-6037-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
eb359556b2f782d9ef41c42f17b0ac04f90433a610b45f780b90911bb1e31f1dRed Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
e7b215852adbc1951046d56f7036f6b75803672b4422c7ce6cb43592abad6003Ubuntu Security Notice 5558-1 - Zhao Liang discovered that libcdio was not properly performing memory management operations when processing ISO files, which could result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
1d6a495bf2cef207e4a430fe621479724aa8eac3fc97c8aee7146d1c085ad4b5Gentoo Linux Security Advisory 202208-11 - A vulnerability has been discovered in pam-u2f which could allow a local attacker to bypass PIN entry. Versions less than 1.1.1 are affected.
b822ab1fb862c7ae71bd1170a063818eb2b4229a42de540cf20332ae8ba1d2e6Gentoo Linux Security Advisory 202208-6 - Multiple vulnerabilities have been discovered in lxml, the worst of which could result in denial of service. Versions less than 4.9.1 are affected.
6d9496250c6b1be096da8fdfc2ddf483123bdd7eda3323ea9efa66b39b901e0aGentoo Linux Security Advisory 202208-12 - Multiple vulnerabilities have been discovered in mdbtools. Versions less than 0.9.3 are affected.
e08a3105438b7ee38c717a5f7298359df5f8a1293413dcdafdd36e5d46cf6a45Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.
f184d188e33d6d6de8f9f81306f8ff465c4a27f70f5f59cd68ea9a662b3e9fbbGentoo Linux Security Advisory 202208-10 - Multiple vulnerabilities have been found in Spice Server, the worst of which may result in the remote execution of arbitrary code. Versions less than 0.15.0 are affected.
8fe4c7d61314a86aefd52fe0d33ab444d5c54474fddc49b1423bcd52ebb852adGentoo Linux Security Advisory 202208-7 - A buffer overread in LibRaw might allow an attacker to cause denial of service. Versions less than 0.20.2 are affected.
9414a94e678145470481e7cc868d7e162d239d1b42e3791f8cf15db44e64c3b2Gentoo Linux Security Advisory 202208-8 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr are affected.
fc4c6986e8aede7a5e8bb420e78fe9cd1f9dfa569ec3d07e1e623b50bbd053b8Gentoo Linux Security Advisory 202208-13 - A vulnerability in libass could result in denial of service. Versions less than 0.15.1 are affected.
1388af97b30cdbb2b63a31b0850f5ea0e3695f0a9efdf5d86a0736c6e799ea54Gentoo Linux Security Advisory 202208-9 - Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions less than 1.9.17 are affected.
bd7d7988fa234190975e9fd8fcaaf69efde7aa9b404976582474894dfe9fee0eRed Hat Security Advisory 2022-5997-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. Perf Tools is a collection of performance analysis tools, including a high-performance multi-threaded malloc() implementation that works particularly well with threads and STL, a thread-friendly heap-checker, a heap profiler, and a cpu-profiler.
c49df8477f0fd11893bf5b70ef0b2fe8b05249efa55854768c41ecb341eb3571
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed