This Metasploit module exploits a stack buffer overflow in Disk Pulse Enterprise 9.0.34. If a malicious user sends a malicious HTTP login request, it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. Due to size constraints, this module uses the Egghunter technique.
f5d3f6dc506476540894b621416c7db2b2aacb69a1d4a3c010a96e3d28c89e09Linux kernel versions 4.4 and above where CONFIG_BPF_SYSCALL and kernel.unprivileged_bpf_disabled sysctl is not set to 1 allow for BPF to be abused for privilege escalation. Ubuntu 16.04 has all of these conditions met.
f1306f2352a229f463a8023d32004c95fc69e0766b3089ee18e864c38cfcb735SolarEagle version 2.00 suffers from an administrative login bypass vulnerability. MPPT Solar Controller SMART2 suffers from missing server-side authentication, unencrypted communication, and denial of service issues.
2209e8cd0ef6be57d3153d22d6a14a97ba467e2d7f11d0ee9382f5d28911748eVMware Security Advisory 2016-0019 - VMware Workstation and Fusion updates address a critical out-of-bounds memory access vulnerability.
4dcb01dc71f4c3ef8e79650ea56bdb93fd311f72d9cedc07f0802b1354a0cfbdBarco ClickShare suffers from remote code execution, cross site scripting, path traversal, and file disclosure vulnerabilities.
68027ae18296a38758ad5283401155201698ca07363404e7522e9abb2c3d266fDolphin versions 7.3.2 and below suffer from authentication bypass and remote command execution vulnerabilities.
a3bc7729982990d06aeb63a81d8dc62e185c70f5e8b4b10517cafc30d9fef6faReason Core Security version 1.1.2 suffers from an unquoted service path privilege escalation vulnerability.
7038ce4a17be84107144d9aa02073c29cc313b21e3c67734b6746fa7593d21b4CMS EditMe suffers from cross site request forgery vulnerability that allows for privilege escalation.
a527d4e9088a9100c0af9ba1b5241dd7e4b9f1d770521b92f6047a57267c2c75A specially crafted web-page can cause MSIE 11 to interrupt the handling of one readystatechange event with another. This interrupts a call to one of the various C<ElementName>Element::Notify functions to make another such call and at least one of these functions is non-reentrant. This can have various repercussions, e.g. when an attacker triggers this vulnerability using a CMapElement object, a reference to that object can be stored in a linked list and the object itself can be freed. This pointer can later be re-used to cause a classic use-after-free issue.
a298a13c199ace85ce391cd64bb90067724828fbbaf92483dc7624a141955abephpWebAdmin version 1.0 suffers from a remote SQL injection vulnerability.
daec5704e2474f3f9a0d0b7e8c92c47bb4f56ba6b95a6702ecf0421b99cde5fatxtforum version 1.0.4 remote command execution exploit.
b6867ba9f728c819474546946f3ea6fb7beade25407f8f4caaf4dd553515748fThere are a number of problems with the security model of 1Password that results in the local security model being disabled, as well as a number of security, sandboxing and virtualization features.
8489830ab99717565de0b95fb8a62e1d6228d87f421b300b6a51b34ddfeba76bApache OpenMeetings version 3.1.0 is vulnerable to remote code execution via an RMI deserialization attack.
14fd835d407717498ac3649c3d80122d8fe17e038241b3a0f82cdc72ae90739eSchoolhos CMS version 2.29 suffers from code execution and remote SQL injection vulnerabilities.
19a38feced02853fc33c552ae57c8e3f7b7de390982540a5b2f2b29e9fef496aATutor version 2.2.2 cross site request forgery proof of concept that adds a new course.
edeaafd30bd276a781e2af3947baa3ee22af8623bdfa3c720579cc2bc6a1a0adThe Microsoft Windows kernel suffers from a denial of service vulnerability as outlined in MS16-135.
5608064a4460ba56d403e729eaccc16f8c142217f04dfd4665278341d37ca2f8A vulnerability in Windows Local Security Authority Subsystem Service (LSASS) was found on Windows OS versions ranging from Windows XP through to Windows 10. This vulnerability allows an attacker to remotely crash the LSASS.EXE process of an affected workstation with no user interaction. Successful remote exploitation of this issue will result in a reboot of the target machine. Local privilege escalation should also be considered likely. Microsoft acknowledged the vulnerability and has published an advisory (MS16-137) and a patch, resolving this issue.
ede457e2a6d12a01273f1ee5e4c66f2c48cf2de28c09d56c3fd64944958fff14Red Hat Security Advisory 2016-2702-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
6fce0b784ca078476d60f610a35307acce1cd8a2d83bebb57cb56a904a6d245dDebian Linux Security Advisory 3711-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28.
41f298a0a271dd001dcfd761594bd49d2d5d9c6b70624698939dd5aad22b439eDigital Whisper Electronic Magazine issue 77. Written in Hebrew.
4a5e03dd4ccb103070c6613488434b1dd5608fa23700b73ba8035454968b05a1Sagem Fast 3304-V2 suffers from a credential disclosure vulnerability.
e3838d29dea73402d874547bf2c78e672753711690dc28eec5b40d984ec5f928
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed