This Metasploit module exploits a remote command execution vulnerability in the web administration interface of the Barracuda Web App Firewall Firmware Version <= 8.0.1.008 and Load Balancer Firmware <= v5.4.0.004. By sending a specially crafted request it's possible to inject system commands while escalating to root due to relaxed sudo configurations on the appliances.
ada1acb74888da1ee068093d1bfd8b3f3fa7cbe886c53bffebec80de7451a35e
WordPress Ultimate Product Catalog plugin versions 3.9.8 and below suffer from a remote unauthenticated blind SQL injection vulnerability.
5bacab668e9242da4ccd6ac7578697bc74b3ca2afbaf088e2ffe1dba9f652000
Linux ARM/ARM64 architectures suffer from an arbitrary memory read vulnerability in perf_event_open().
d93d6ea3ad561c8f7d1736c08ffd738028f0f1563210cd2723d3dd9167a9b0bc
Exponent CMS version 2.3.9 suffers from a cross-site scripting vulnerability that allows for user account addition.
423cf5f16e0bc3e2b68f98c0ffbfb9ff0056a53477952e4c8a5336cbd334fcf1
Zortam Media Studio version 20.60 suffers from a buffer overflow vulnerability.
60f4ac036146a9137d475523420c506dc7dcbe9ef06f4a36f384d1f5d5bb0db1
Debian Linux Security Advisory 3633-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
69e2b39b3913e68cc3897dadfc8422de8be200cf50452bcb270d6b48048d7d24
Saveya suffers from a malicious script insertion vulnerability.
5551173a26e0ebd8d02b44aefec2da15f69c5fefb72772e0228d85ebfaa58bcc
Zoll Checklist version 1.2.2 suffers from a malicious script insertion vulnerability.
eded9a2d4136f497a7b8aa4fc8fae14d8f6c7b0c761dd5482b1e3db648ac5264
AppArmor has a reference count leak in aa_fs_seq_hash_show that can be used to overflow the reference counter and trigger a kernel use-after-free.
aeb4adc2c9454e00e280467d5afe605088bc235c957b16c9ba2883396aeb3993
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
0ce0241330828973f5b4efee422a3760cab8ce0b41e7721c4b9fd185be1bb10b
Multiple products from AXIS suffer from a remote command execution vulnerability.
5d3626abb1ca74ae36c7f97673ca1ac0fa4274ea3398a978924fd38256827c7b
Avaya Fabric Connect VSP, under specific conditions, can accept and process specially crafted and spoofed Ethernet frames, which can lead to unauthorized access to devices intended to be secured from untrusted traffic sources. The vulnerability is caused by mishandling VLAN and I-SID indexes within the Fabric infrastructure. Version 4.1.0.0 is affected.
febf9c8d06e60cb5763c39467e3b800a3a47afa1bfb25a99e6dbc40ebfbb1519
Red Hat Security Advisory 2016-1519-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.6 release serves as a replacement for JBoss Operations Network 3.3.5, and includes several bug fixes.
9e8eda7cc87b09b7d965a2368ef110c52ca58a71169b633cc43b9d107529ee95
Debian Linux Security Advisory 3632-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details.
1034107a2809d4f21af57f0bbc38fd4ea778e2457506a9b747c59bfab574464b
LastPass version 4.1.20a on Windows suffers from some issues related to the way the add-on works, which is by injecting elements and event handlers into the page. The attached proof of concept will delete a given file.
251e29ebd27cfc49ad197f0294b26341778ad40b289cfd17cf8122679ada2ce7