This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to login to the system with the chosen account. Successful exploitation results in remote code execution.
818eeb4d404c8cde2ab69451948a6037ca08bef60e2be65eb6fe9ed9d7ef0e7dThis Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell.
60ec0dcab5b58dbebac7ed6c99c5cf1fb52f76e5b1a5f3723089e823fc252948Debian Linux Security Advisory 5258-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager (CVE-2022-41317), or denial of service or information disclosure if Squid is configured to negotiate authentication with the SSPI and SMB authentication helpers (CVE-2022-41318).
f3b4eb1c92d3973ac7151f1b24e5a46e0b1db5652de81f29d3a0035d4c166661Ubuntu Security Notice 5688-1 - It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
b0abcccfc86379627f6dd1f0513c2920b83e6c63b8b82c5298456cfc5ed67026AVS Audio Converter version 10.3 suffers from a stack overflow vulnerability.
ec7347cd5f5d10a2cede7312e6e56ccaf9f1bf87ea591e7fb790a119da8b4db7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed