360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
2bc30c25d297336c3d2b383f599609fa2ba001b03cc737591a6fc4e4c09e185bThis Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution. Although the vendor fixed Up.Time to prevent this vulnerability, it was not properly mitigated. To exploit against a newer version of Up.Time (such as 7.4), please use exploits/multi/http/uptime_file_upload_2.
3a747350c98cce69fa71e25b346c4de32b1a03a8ca5d876cf4c6dd0be8365fbcThis Metasploit module exploits a vulnerability found in Uptime version 7.4.0 and 7.5.0. The vulnerability began as a classic arbitrary file upload vulnerability in post2file.php, which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated by the vendor. Although the mitigation in place will prevent uptime_file_upload_1.rb from working, it can still be bypassed and gain privilege escalation, and allows the attacker to upload file again, and execute arbitrary commands.
e4c4f677632b91ee1052cfd06295ff58c8b4598033272f0dde8231ba8fb27720This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9
3d697e9884f896d99ec27c73b56469d04ac0450703c51290468ce41cd7c38ae0Debian Linux Security Advisory 3395-2 - Marc Deslauriers reported that the update for krb5 issued as DSA-3395-1 did not contain the patch to address CVE-2015-2697 for the packages built for the oldstable distribution (wheezy). Updated packages are now available to address this issue.
6cbc0c63e8ebd0d23b43b85f63ec54c5b64643fa00f766a03f60b88af61652d5Tails versions 1.6 and below suffers from an information leak vulnerability via a symlink attack.
4bc182b9191120b13aafd944de470614c5ad8a118056b97853287258da456e0fb374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection.
7a3f5f494c2b27e756fd6b73c4b14796921e7612b045ce5d5b218e90626c8178This bulletin summary lists MS15-115 which has undergone a major revision increment.
d0ffd6187f0106f237ef91ecfd5e6539df275b7d3c1ff371c528a968dc5838a4OpenBSD net-snmp suffers from a credential and information disclosure vulnerability.
a80d494deb52dc8a57e8c8f3a438e4dc2e1095c1a787fbcd33b9d4404d060cacTUDU versions 0.82 and below suffer from a buffer overflow vulnerability.
83d68c94f65a0c6a83f7c6cea1eec4c53d6e68e59bdfdbb19fb361e7ece3a0d3TACK versions 1.07 and below suffer from a buffer overflow vulnerability.
7a22ef85875781a10dfe0095384f3a4b53d4b4596ef11747a0cf7e01b917b59aThe WordPress i1.wp.com site can be abused to make arbitrary HTTP requests to other sites.
d25015a788fa798b28a2ffdfe2bbbcbd4e799a8d1d498442d16b1d02adf43af7A vulnerability exists managing a shadow stack in ESET Antivirus. It allows complete remote root/SYSTEM command execution on all ESET platforms and products.
54e383e693089b91935fe984c9f900208e8ba9545096a2ebbf8cb88081990c3bSam Spade version 1.14 S-Lang command field SEH overflow exploit.
41df67192f57558444ffeab55b4679775fef44272a59521f731572d482a397d5POLLSolved version 1.5.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Support for this script is deprecated.
8d37108dc1944aac38df5b9bf07bc559d1b8b588512f97bfada3e2f3fe0ca082
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed