IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
f8bdea7a53ee5a4ab20fad1a03f6c2a2dfaa0823d9fec5b982ed96aa724d1965This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password supplied using HTTP basic authentication is used in a call to exec(). This Metasploit module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.
9eb1e6c5340ea76cc93256435c463b701834212afc1bee15eb34fd6f73202c7dThis Metasploit module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1.
8ea98d2b410cde645149d0474ad59d7f8e2ce8335f863b066bd6f8eb38a90c6eTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
bba5cc534430055871650418688d8bd274553666faeff961389712559b5bfd4ePeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a TestServlet cross site scripting vulnerability.
6f27a9a828724a7736a1b7f2889f126f8efc3b2f3c3807b27c60ee7904f9b16eGentoo Linux Security Advisory 201707-15 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 26.0.0.137 are affected.
b54a48c947a7dfb938de79745dadfbe6833942362e61f88f02dd1ff53e7f1773Oracle Integration Gateway (PSIGW) suffers from a directory traversal vulnerability.
a928b26bb52db254d90152adf71ca5f1c3b5396816e4438de681c568e6c5aa90Oracle Integration Gateway (PSIGW) suffers from a file upload vulnerability.
d9ee0be871c0b0f0f069b8a93479455bdd763e04c083da6de4a89e7f280bc623Televes COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities. The vendor has notified Packet Storm that firmware version 1.03.0016 addresses these issues.
9baff8fd7ea7ecdd219dd2f97ec0f608150440181c7874a88448885e8ba30f70Ubuntu Security Notice 3361-1 - USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
a02dd5836ffae854b87f99a0c65d15d6c8e6dd7ae37fde2f48b13dc8494472d6Ubuntu Security Notice 3360-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the performance events and counters subsystem of the Linux kernel for ARM64. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b728a817657de92c7a8e7a3974a7db179927290da525b28390f7ffee93bfc9c8NEC Universe UM4730 versions prior to 11.8 suffers from a remote SQL injection vulnerability.
9bc22dbc596c325410c6890c434f2f7104984b425924ee7352b1260be9487f23Trustonic's Trusted Execution Environment (TEE) OS fails to perform revocation of trustlets.
5292643705b2a592ce4d79010191e3052ef98b5f67f2a9fe9356b30677b6295eApple Security Advisory 2017-07-19-7 - iCloud for Windows 6.2.2 is now available and addresses information disclosure, code execution, and various other vulnerabilities.
f6c72c4517098c3e7034d35d6ba98acffde8bf0131ee5bb5000e212e653c3fccApple Security Advisory 2017-07-19-6 - iTunes 12.6.2 is now available and addresses code execution, information disclosure, and various other vulnerabilities.
c13a5cb60055a2f9fb0fc52c32c0f5cfdd41d6b2a43d5d86a0dac83a01cd277aUbuntu Security Notice 3360-2 - USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
dd0fe2c526143d34a107f7f383bf5197ebc0f403d7b65cfed4142a62d732f7a3Apple Security Advisory 2017-07-19-5 - Safari 10.1.2 is now available and addresses spoofing, cross origin, and various other vulnerabilities.
45581232806476f5919c8e4e4c4fdf08c450b51103777da433824e0c8b3de277Virtual Postage (VPA) version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
816fa95055239cb95ffb77c4c4aac690fbdb7a852cd92f2696db296e8f9c9146SKILLS.com.au Industry App version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
29ee0636ad9ced1631d22d05accf2192ac275e9c7db76dfbc702f6ec0720de02Apple Security Advisory 2017-07-19-4 - tvOS 10.2.2 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
798e9c95aeaa853124be2fc126e398e496507dcf41bb26e2e72c942964f741a3Ubuntu Security Notice 3359-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4c2386596faece3a8190c5928d9c879c09f797743015282506baa7e3339d72ecHPE Security Bulletin HPESBHF03766 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 used in certain ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
3edfee76e1994530da7a06fe189c9516c8fd4b472f41291e675135108bd439bcUbuntu Security Notice 3358-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
d2cf22e826ff1c4d35650ee61a489bed7dde9575afc78303e036d460dfe637d3Red Hat Security Advisory 2017-1793-01 - Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2. Multiple security issues have been addressed.
736af5abc072c79d5f321c80bfb71391a4b91c50e5670e5d50a8172ca59aa559Apple Security Advisory 2017-07-19-2 - macOS 10.12.6 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
bcc56d96708e760ecf0c7d3255dbf1e45f11507054dc7e9d429392beb7658554
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed