This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend a PHP payload to a string which gets evaluated by a require statement, which results in command execution.
1feecca12306422ebe993c3821d87be77ad3056e719f9dcbae7c033f156e447fThis exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected (default all).
a5fbba3600698942b6e9fdfb81bf552aec7d2529c1415dbf0234d6081449a4c1Debian Linux Security Advisory 5602-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. An exploit for CVE-2024-0519 exists in the wild.
45e1bf24562fc069454170dc81c0c1b115ade42f764860a6f6a63c8ba8f0f761Ubuntu Security Notice 6588-1 - Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service.
01b72c7835037ae651f0e64333340d75271e1c9cf94dfe7c92d80f644b525526mqXSS is a client to communicate with XSS hooked browsers over MQTT. Similar to xsshunter or beef, mqxss allows interaction with remote browsers that have been injected with a XSS payload. However, instead of having the victim connect back to your server they connect through a Secure Websocket MQTT broker instead. This tool facilitates the JS payload generation and interaction with hooked browsers that communicate over WSS MQTT brokers.
8896d3a6c195fd964e3ba8e5a991dcb72d8c6488f787f595e2d0fca71fec9ad8SpyCamLizard version 1.230 remote denial of service exploit.
a7873c3ae31f00a2db87aa16898d36176fa4e56ef20e5000f29595ea163d98f1Ubuntu Security Notice 6559-1 - It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Damien Diederen discovered that ZooKeeper incorrectly handled authorization if SASL Quorum Peer authentication is enabled. An attacker could possibly use this issue to bypass ZooKeeper's authorization system. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10.
534b6c013d7713c3db3c8290512cdb776320bf30fcdd91612968f64217ae7077An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. A buffer over-read exists in the dtls_sha256_update function. This bug allows remote attackers to cause a denial of service (crash) and possibly read sensitive information by sending a malformed packet with an over-large fragment length field, due to servers incorrectly handling malformed packets.
cbd23d5e5c03a89b7797b1140a3998118f6627b3823c690bdae65a977b7770e9An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).
db8a0bf96f7883a8a21b7027f42157c985e59fe2bbc26de4705dacefa635eccfAn issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An assertion failure in check_certificate_request() causes the server to exit unexpectedly, resulting in a denial of service.
860a30d6b1aa58e5dc58161f2acf23b5acba868a0821683f71b804cf74409a1cAn issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. Incorrect handling of over-large packets in dtls_ccm_decrypt_message() causes a buffer over-read that can expose sensitive information.
fcd7f90fba43be1f60b391164b0ba2a0e19f793b3291f3ea45d6c373dadd81b8An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.
846b82fbb5e4c16ada129d3f8122d5e00f7c07ffd7830416cb4698d8fd258206An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.
e1244689736de9338e92f0ce31592afd33da836f554ad8dfaf50a9775596ca5bAn issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.
d23467a0c344b00cea5d67a8d7ebffd0d3109291ffebc872fa9a3524ff53213aRedis raft versions master-1b8bd86 to master-7b46079 were discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.
586772289785921cd60806511eb653c014c7a2c3992c9b9729e80b45a626043fLegends of IdleOn suffers from use of an insecure random number generator that can be replaced by a malicious user.
a9e5118b86a88a1079be435c411c2d75118a0770946b0e8811a6c1535ed7b9eaRed Hat Security Advisory 2024-0279-03 - An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
aa36516f4accc3597cd90449f3ae812bdb83a42ee3e7911f9cabc34b191a1bd9Red Hat Security Advisory 2024-0278-03 - Red Hat AMQ Broker 7.11.5 is now available from the Red Hat Customer Portal.
0e907deff5622c361514f18be2b94658cc2f981624236674841748d0ed5b0f6aRed Hat Security Advisory 2024-0267-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.
25472340c13cb9f4577a8912a5d95f63053995c70bd7bf78286806e9369f1664Red Hat Security Advisory 2024-0265-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.
4bad16c511dcb29dee9422cff81de79c13f07ff10c55612fca6ee2648f96535dRed Hat Security Advisory 2024-0250-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.
3d64b9219f0a129f2cd7100b5fbe77fa4333cb34021bf2eac88faf1709e81e78Red Hat Security Advisory 2024-0249-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and out of bounds access vulnerabilities.
a6281db3e40b4796c934f9b79123fe125b43a8258bb4f9ea04c34fbc1a8e1b0bRed Hat Security Advisory 2024-0248-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and out of bounds access vulnerabilities.
a744bc3e2917c7be87ba3de0c18a7c511146043ba0cbced3376d73d6bf7fc44aRed Hat Security Advisory 2024-0247-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.
043dea53dc4a46c72e529bbddf23d3b06cbaff15ae4515b6132ca3e8bb86aa8fRed Hat Security Advisory 2024-0246-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.
d715f9407ae46af18833312453df03daaa7e1d3e5d62cc8a622e469ecd6b94aa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed