This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. This Metasploit module was created by reversing a public malware sample.
7e6b9ea3c2f7098466493a6d04a3625fe49a4a591628f01dcefb67c6615f8b03The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While some security measures were taken to ensure that network connectivity to the Postgres database wouldn't be possible using IPv4, the same measures were not taken for IPv6.
ad169956f0f3396698d40c18a3a0e55793e890d9d218704c030183521609a602The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file system into the editor. An attacker can abuse this to read arbitrary files within the allowed permissions.
2a881d9217c48b1606ec88d0bb0823e2e6d7359165db582cfbbd90943ae24f0eInsufficient input validation in the management interface can be leveraged in order to execute arbitrary commands. This can lead to (root) shell access to the underlying operating system on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.
fe9867b691ca5367a9f8e75d21f16e8f3d6804f2ad561bedd0abd524a2546349An attacker can abuse functionality provided by a script which may be run with root privilege in order to elevate privilege on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.
541cc742cf8744931b966ccfc14ec82005cd85e4a6e1bff7ce5f93c7ba245576Due to lax filesystem permissions, an attacker can take control of a hardcoded sudo path in order to execute commands as a privileged user on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.
3f138413d3ee07b7fb98c0ec9430dcebbf62f40cd8ffb3fa592f0455512444f9Slackware Security Advisory - New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
4dc0c7f616e5a08691f41b50024d5cde24ec3fc8bee6bd91a0d897bf20523babSlackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
8ebef10dc26715edf05044fa1397cb02c9aaa68b0b15d9b0882c1f4e80053a4aSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 to fix security and stability issues.
2a732aa4a2ed6b992aaa7d7b95620a3bc6749f1b0ba8f4a80225c274701c4d46The DAX2API service installed as part of the Realtek Audio Driver on Windows 10 is vulnerable to a privilege escalation vulnerability which allows a normal user to get arbitrary system privileges.
648ba1e2f3e829a53ac3a224f73958fcb62fd2097a728a0530b0740b66b425dcThis Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise version 9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
866e21d79501ea487d559431b3368082a2de3dd683255e5247782c95b4d89bddThis Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.
fdde35982e5ae8f4f3cfc494b6eb51af6b81f5d276ee9db4ad67d0db0267baf2Red Hat Security Advisory 2017-1119-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 151. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
8033dc25cd5c092a94214c33b3def6150039e9911ab2e1d9863ae8c3e1b8755eRed Hat Security Advisory 2017-1117-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 131. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
dda9c2f8caefd595e4c56cbc4ad839f73919c439cdcce475c7dcabd9d6a1ccffRed Hat Security Advisory 2017-1118-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 141. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
01ab25f8082a2a3af9b96248e029bdfd55d2e3b74b4bfeebbb3567c2cbb08be5The gnome-keyring-daemon is vulnerable to local credential disclosure as it leaves credentials accessible in memory.
6697cd1cd04eb6ae92213c8cfaf4b457d5ddee242e09603a1e96f9336687274c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed