This Metasploit module exploits a command injection vulnerability in MajorDoMo versions before 0662e5e.
a64c3d5f624bfad203f1e2566417514a7d618f792becc950fdc3d537aaa74a64This Metasploit module chains an authentication bypass vulnerability and a command injection vulnerability to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior to the vendor mitigation are vulnerable. It is unknown if unsupported versions 8.x and below are also vulnerable.
235751e74f9357d3f5aa7ff467bad9f4d651f9abdd57e2b7b20c332ee6e579faPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
a94047116abd15e4d8424e3d8efb27871ba3c8e9f0d4426d64137bef92318a8dGentoo Linux Security Advisory 202401-26 - Multiple vulnerabilities have been found in Apache XML-RPC, the worst of which could result in arbitrary code execution. Versions less than or equal to 3.1.3 are affected.
e5a4b01ce01a0da4be625d294152099c16e3fe042a0e485ff40acb81e736e82aUbuntu Security Notice 6587-2 - USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code.
a2f2ac645eb8776253c7cf930c98b38768999c8680aec52b641d1aada93ccae6Ubuntu Security Notice 6591-1 - Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility.
cd5cc57d32efc49d552e07491f59c17b34bb117d5119591cdbe4d6acf87220b6EzServer version 6.4.017 remote denial of service exploit.
40ce8670718260143aeca22be1ac711053e5e38099e4a63a2f3ae0d2e32e8784xbtitFM versions 4.1.18 and below suffer from remote shell upload, remote SQL injection, and path traversal vulnerabilities.
ef1507c81f76ecec6734de5bc13c14f9dd0d27fd26b16cae52e43d8b56f7e84bGolden FTP Server version 2.02b remote denial of service exploit.
db9661030d63a67fedd89939619feabe045fe616d1085e8aebb060bf84a876d1In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3 addresses this issue.
eee3332e9c084609d76f6804cef55683b3ac0269232445ffe0616c2e821e1a45TrojanSpy Win32 Nivdort malware suffers from an insecure permissions vulnerability.
07b40fbb6021397864a451ae058f9ce4a25bc6a349ce285a033ab5429f0d1070ProSysInfo TFTP Server TFTPDWIN version 0.4.2 remote denial of service exploit.
66e786abe148913defa36dbcbc0f63c2c1443710ace4366f5ef9f1c49191452cRed Hat Security Advisory 2024-0310-03 - An update for openssl is now available for Red Hat Enterprise Linux 9.
d0396378dbfbc86737348e88da6a5be9ca8812adb6f269f14e35deccf3f3cee5Red Hat Security Advisory 2024-0273-03 - Red Hat OpenShift Virtualization release 4.12.9 is now available with updates to packages and images that fix several bugs and add enhancements.
7d6dc48a300a56764286234cc29b8a38012a8f5f7ce3342fa362205027d419feRed Hat Security Advisory 2024-0271-03 - There is a moderate update for the the Logging Subsystem 5.8.2. Red Hat OpenShift security update.
c46cb48839bc4c6e2164b921ecb268f81706c37c46db59aa937e72ac6858f6c8Red Hat OpenShift security update. Issues addressed include a file disclosure vulnerability.
ee60938615c80cda4549885ca7b9234cdff737ddeef22c46e29e5b027a2f4ad5Red Hat Security Advisory 2024-0204-03 - Red Hat OpenShift Container Platform release 4.14.9 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
13c452422b7d390cd40733ec7dd5ef03b1bcdc41397d15a90f041d64ae8f0ae5Red Hat Security Advisory 2024-0198-03 - Red Hat OpenShift Container Platform release 4.12.47 is now available with updates to packages and images that fix several bugs and add enhancements.
a50f43d5a01136740b2ffd6b0cd23e289f41546ac9d11ca66a3284f5669554a5Red Hat Security Advisory 2024-0193-03 - An update is now available for Red Hat OpenShift Container Platform 4.13.
7d73569ecbfbdf3744880535a156eae4437e33c9a0cb07c053342f205027bf56
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed