This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend a PHP payload to a string which gets evaluated by a require statement, which results in command execution.
1feecca12306422ebe993c3821d87be77ad3056e719f9dcbae7c033f156e447f
This exploit module creates an Ansible module for deployment to nodes in the network. It creates a new YAML playbook which copies our payload, chmods it, then runs it on all targets which have been selected (default all).
a5fbba3600698942b6e9fdfb81bf552aec7d2529c1415dbf0234d6081449a4c1
Debian Linux Security Advisory 5602-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. An exploit for CVE-2024-0519 exists in the wild.
45e1bf24562fc069454170dc81c0c1b115ade42f764860a6f6a63c8ba8f0f761
Ubuntu Security Notice 6588-1 - Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service.
01b72c7835037ae651f0e64333340d75271e1c9cf94dfe7c92d80f644b525526
mqXSS is a client to communicate with XSS hooked browsers over MQTT. Similar to xsshunter or beef, mqxss allows interaction with remote browsers that have been injected with an XSS payload. However, instead of having the victim connect back to your server, they connect through a Secure Websocket MQTT broker. This tool facilitates the JS payload generation and interaction with hooked browsers that communicate over WSS MQTT brokers.
8896d3a6c195fd964e3ba8e5a991dcb72d8c6488f787f595e2d0fca71fec9ad8
SpyCamLizard version 1.230 remote denial of service exploit.
a7873c3ae31f00a2db87aa16898d36176fa4e56ef20e5000f29595ea163d98f1
Ubuntu Security Notice 6559-1 - It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Damien Diederen discovered that ZooKeeper incorrectly handled authorization if SASL Quorum Peer authentication is enabled. An attacker could possibly use this issue to bypass ZooKeeper's authorization system. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10.
534b6c013d7713c3db3c8290512cdb776320bf30fcdd91612968f64217ae7077
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. A buffer over-read exists in the dtls_sha256_update function. This bug allows remote attackers to cause a denial of service (crash) and possibly read sensitive information by sending a malformed packet with an over-large fragment length field, due to servers incorrectly handling malformed packets.
cbd23d5e5c03a89b7797b1140a3998118f6627b3823c690bdae65a977b7770e9
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC 6347. This vulnerability allows remote attackers to obtain sensitive application data of connected clients.
db8a0bf96f7883a8a21b7027f42157c985e59fe2bbc26de4705dacefa635eccf
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An assertion failure in check_certificate_request() causes the server to exit unexpectedly, resulting in a denial of service.
860a30d6b1aa58e5dc58161f2acf23b5acba868a0821683f71b804cf74409a1c
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. Incorrect handling of over-large packets in dtls_ccm_decrypt_message() causes a buffer over-read that can expose sensitive information.
fcd7f90fba43be1f60b391164b0ba2a0e19f793b3291f3ea45d6c373dadd81b8
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.
846b82fbb5e4c16ada129d3f8122d5e00f7c07ffd7830416cb4698d8fd258206
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.
e1244689736de9338e92f0ce31592afd33da836f554ad8dfaf50a9775596ca5b
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.
d23467a0c344b00cea5d67a8d7ebffd0d3109291ffebc872fa9a3524ff53213a
Redis raft versions master-1b8bd86 to master-7b46079 were discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.
586772289785921cd60806511eb653c014c7a2c3992c9b9729e80b45a626043f
Legends of IdleOn suffers from use of an insecure random number generator that can be replaced by a malicious user.
a9e5118b86a88a1079be435c411c2d75118a0770946b0e8811a6c1535ed7b9ea
Red Hat Security Advisory 2024-0279-03 - An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
aa36516f4accc3597cd90449f3ae812bdb83a42ee3e7911f9cabc34b191a1bd9
Red Hat Security Advisory 2024-0278-03 - Red Hat AMQ Broker 7.11.5 is now available from the Red Hat Customer Portal.
0e907deff5622c361514f18be2b94658cc2f981624236674841748d0ed5b0f6a
Red Hat Security Advisory 2024-0267-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.
25472340c13cb9f4577a8912a5d95f63053995c70bd7bf78286806e9369f1664
Red Hat Security Advisory 2024-0265-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.
4bad16c511dcb29dee9422cff81de79c13f07ff10c55612fca6ee2648f96535d
Red Hat Security Advisory 2024-0250-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.
3d64b9219f0a129f2cd7100b5fbe77fa4333cb34021bf2eac88faf1709e81e78
Red Hat Security Advisory 2024-0249-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and out of bounds access vulnerabilities.
a6281db3e40b4796c934f9b79123fe125b43a8258bb4f9ea04c34fbc1a8e1b0b
Red Hat Security Advisory 2024-0248-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and out of bounds access vulnerabilities.
a744bc3e2917c7be87ba3de0c18a7c511146043ba0cbced3376d73d6bf7fc44a
Red Hat Security Advisory 2024-0247-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.
043dea53dc4a46c72e529bbddf23d3b06cbaff15ae4515b6132ca3e8bb86aa8f
Red Hat Security Advisory 2024-0246-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.
d715f9407ae46af18833312453df03daaa7e1d3e5d62cc8a622e469ecd6b94aa