This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, causing certain checks on untrusted certificates to be bypassed on the client and allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server, allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension, or it must have at least the keyCertSign bit set (see the X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise, X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.
0be0198fd35b0f082fb3872672e7f1dbe40db0a2ae2abc971e5936c264d03b3b
Red Hat Security Advisory 2015-1508-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
00824dcce64f6db1345af18546421048f71ab7526a400efd8f3eb27dfb3700df
Red Hat Security Advisory 2015-1507-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
ddef7cd95b5ec264096b359446cefb22c25ef8d746777a0c5f1cc22a1c3f642f
Debian Linux Security Advisory 3318-1 - Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.
83ddc7aa74dbc651b8f2b3677ef0e97369412cc6d8bc40e4acca028111d494cf
Debian Linux Security Advisory 3317-1 - Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools.
0c757887b859f350dc7059ceb18c56f376fff07f6d2055c9c9184bfdc54423ec
Debian Linux Security Advisory 3316-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
77f6084f42e84ac99b7ceff809ccb976e89d5a9bf14710928cf2e5b55b224527
Red Hat Security Advisory 2015-1499-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 44.0.2403.89, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
0b2bd46b245d90c8db3e033a85a7c5353db15fc1209d1b13c6e35cb3d470205f
Seditio CMS version 1.7.1 suffers from an open redirect vulnerability.
2ff996b84f5e2517c42761313b4f6b91deae750fa6ae089104e6d04642bfc884
PHP File Manager suffers from cross site request forgery, cross site scripting, backdoor, file check, remote shell upload, and various other vulnerabilities.
fdce4b71d80c857ab7c7314a383b0e1455af501dd6b040a30a6b5b7e8582ae3b
XenForo versions 1.4.9 and below suffer from a cross site scripting vulnerability.
5d38872663e90c1322bb0e4199d9762f1f981af682bd046d78e6ef57fd238678
Python code that provides a reverse TCP shell.
1fcc71b39d612ebdffeef62541bdc403a023c65238677035f5058a17e34b39cd
WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities.
35ca2d59e923c4dcfa102cae5ca95a5f2022862e2a8f048b21905f0568781656
WordPress Music Store plugin version 1.0.14 suffers from an open redirect vulnerability.
39a735fe34395a13d85f4a7c0131dc3a9ee60a7573410b4205e3a12eaf6b2d36
An integer overflow exists in the System.DirectoryServices.Protocols.Utility class of the .NET Framework. Triggering this issue results in an overflowed integer that is used to allocate a buffer on the heap that is too small, resulting in memory corruption. Exploiting this issue appears to be difficult. Consequently, Microsoft has decided not to release a security bulletin.
1afa865b50719d016f840d929f46021c297eaaf847046ef8e5bb08fa3a10902d
QNAP TS-x09 Turbo NAS suffers from a cross site scripting vulnerability.
ab18c8b11eafa38f69dcfdc61dd73eeb55ad959a3b1d45edb7008ded708d8650
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
6542598e741ffca6954061fecedaa2526e5eebf562bfebc759aa5f92e7013f60
Hawkeye-G version 3.0.1.4912 suffers from multiple cross site request forgery vulnerabilities.
7bbb160cd6f98012e50825f8a96af7faf9af19a17a8380a6210306d6c3405ae3
Ubuntu Security Notice 2685-1 - A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.
ff91b08028ce0d9cbb795da024396ec409ee5bce6874e42ac288d5806e460cc5
Debian Linux Security Advisory 3315-1 - Several vulnerabilities were discovered in the chromium web browser.
cb3dc0da6f78a83ee1bcb3ccd48f19bc839d73342fdcf21a35855718da9468f6
In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.
5f8a24055c7eacceccce25d80da65ff0a662a967a7f926c2fe621369f5e41ae2
The libuser library implements a standardized interface for manipulating and administering user and group accounts, and is installed by default on Linux distributions derived from Red Hat's codebase. During an internal code audit at Qualys, they discovered multiple libuser-related vulnerabilities that allow local users to perform denial-of-service and privilege-escalation attacks. As a proof of concept, they developed an unusual local root exploit against one of libuser's applications. Both the advisory and exploit are included in this post.
8ca265d19600f642e0b8538ca2edb894bbc57f28b26136e6f5ea36ae5e348827
Gentoo Linux Security Advisory 201507-22 - A heap-based buffer overflow in e2fsprogs could result in execution of arbitrary code. Versions less than 1.42.13 are affected.
ddc8103bc71b08b45094bb3fe6afa051609d7d51323034812601d3b47eae2d13
Debian Linux Security Advisory 3313-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
2e58c4b602469b6006a0a897b4f48fb0ecef8c77468fcfdd3958ced23f009b86
Red Hat Security Advisory 2015-1488-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
8f436bf84679e66da54f12816d6bf2a4d760e738018e00154e0c1955a13a4f73
Red Hat Security Advisory 2015-1483-01 - The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
806b8529b5f262df0eb3996cae8fc333c0297362a681fc94c95f49756eee762e