Utilizing Docker via unprotected tcp socket (2375/tcp, maybe 2376/tcp with tls but without tls-auth), an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owned by root. This exploit abuses this to creates a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com.
5eef6332da7f2e3eafd6c25adcb58e15c04382cde4fdec2987c6b2d85ab64dfeOnline Invoice System version 3.0 suffers from a remote SQL injection vulnerability.
d827148d986844b7b843f8db9b189bd71251e2b2c9b89c10cec5f48cdd3772f8D-Link 850L suffers from cross site scripting, access bypass, backdoor, bruteforcing, information disclosure, remote code execution, and denial of service vulnerabilities. Basically, do not use this device unless you want to analyze it to see how not to design something.
3a9bd05d149ac1db91581ef8d913fef21e9b0ab8adc8b8428e217e2841c41d87Red Hat Security Advisory 2017-2672-01 - The qs module for Node.js is a querystring parser that supports nesting and arrays with a depth limit. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-qs. Security Fix: It was found that ljharb's qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object's prototype properties or hasOwnProperty()), resulting in a denial of service when the overwritten function would be executed.
f082343c933a2dfcfa1a81e2fc9ffaacc6dc77034826e8600b23f2a338f5955dWordPress Fitness Trainer - Training Membership plugin versions 1.0.8 and below suffer from a cross site scripting vulnerability.
ccc8007e21241406bf13d42ae4e2f246a0d5cdcbe6e97ea1df5a9330b444a03dCMS Showcase version 1.0 suffers from multiple cross site scripting vulnerabilities.
c15121a995430ef80a10b0d03d2ec53b840903c34ba1973e191fcbc81c911b1fDebian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.
d60a94808b4db18bdaa7283649c335faa09eac8106c9b0d94766e8912f9006c2EMC AppSync contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. All versions prior to 3.5 are affected.
3626e7de16410c493a25288632f5b8852d38948696fbeb8dd5e2fd6e50c14c77Ubuntu Security Notice 3412-1 - Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this to cause file to crash, resulting in a denial of service.
7120eff4a07e93e154601d356fcfe086771c5eef54370fea0c97bb56df39bd73Roteador Wireless Intelbras WRN150 router suffers from a cross site scripting vulnerability.
5a0a245c41b2d75c548ba5dcd592bd263501625b27ff4ec18d152b4795ebfaa8EE 4GEE wireless router version EE60_00_05.00_25 suffers from cross site request forgery, cross site scripting, and information disclosure vulnerabilities.
df351b407db9242190cf3bbea62bf65f1e04f7a9d97b0fbf8792987089fa564eHuawei HG255s suffers from a directory traversal vulnerability.
b421c24591f0f6e7b124c83bcbcfd081112d9efb502c7cb471dfa8ceca3daf75EzBan version 5.3 suffers from a remote SQL injection vulnerability.
9ba82ab8b99d808cad0987f375a46b7b68ed65724213c3b33697c845fb7404afEzInvoice Invoice Management System version 6.0.2 suffers from a remote SQL injection vulnerability.
70ec35fe9f3f1953f207e86f7f9cb1cdcc7c4e0270b78a4629f199203b79a02fAerohive Networks HiveManager Classic Online NMS suffers from a remote shell upload vulnerability.
745fd3de5ef3c4a53d3e654416b79cdeb7971d2b755baed1b843dacc13925ca9Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
638c587396fbd2e857d6a3d2229db3b071704c0e217e03055c9268b495ab8102
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed