This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in the /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.
4cbc4f10623c015fe72317b111015c9c54dcbf8fdddd9d0a7b8d9e1a06c5b330
Ubuntu Security Notice 3607-1 - It was discovered that Screen Resolution Extra was using PolicyKit in an unsafe manner. A local attacker could potentially exploit this issue to bypass intended PolicyKit authorizations.
1cba5203444f9b97137ee8c0abe70d8653262ffbbce163e3843645d454d09a9b
Gentoo Linux Security Advisory 201803-13 - A vulnerability in PLIB may allow remote attackers to execute arbitrary code. Versions less than 1.8.5-r1 are affected.
3075429c781033eb45aa3333ffe934344597b6dddf0b7d6046c6a3fedd2a965f
Gentoo Linux Security Advisory 201803-12 - Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.28.0 are affected.
588359ff5f2c3bbf4fd2ef4dd07154b16880b4831f2d6100b5c05d71eee8101b
Ubuntu Security Notice 3606-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
ba45642f0c149fb2dbd67ebccb1e77402ebb7c2bf58e841d47e94662310294ae
Acrolinx Server versions prior to 5.2.5 suffer from a directory traversal vulnerability.
6e40e3230a6a8f992f1896ba8051c14211224629d948f41fe8404620830cb2a9
Hikvision IP Camera versions 5.2.0 through 5.3.9 (builds 140721 up until 170109) suffer from an access control bypass vulnerability.
7af92b119967a688ba007849fccd93f43c5fcb2a0a609765db006f3999450a9f
Laravel Log Viewer versions prior to 0.13.0 suffer from a local file download vulnerability.
167717bccfa3ca0b0d38c17ea0f44b8f9623e1fe306e0934c356174fe45eecf6
WordPress Event Manager plugin version 5.8.1.1 suffers from a cross site scripting vulnerability.
baf4458c23251ad71852c73e90d1678d2e8eaaa88fc903857be36dcdba922235
Whitepaper called Cross Site Scripting 'XSS' In A Nutshell.
695d2b954f4e3f92af84560cd50399eb8681efd6c5c34c52add3dfb690d2875a
Fast AVI MPEG Splitter version 1.2 suffers from a stack-based buffer overflow vulnerability.
74d1b7954d7ccab43a24cc84ff23859a4adf3cf98319b7e84a0e2d798dcd60dd
LabF nfsAxe version 3.7 suffers from a local privilege escalation vulnerability.
09397fec453df4dd0bbba58af44a3c3ea744332821b07a0aa8aeca1e2d151a20
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
0e040218d72d6d3b0172bedbc784268e3e297d7689ffa343f150fb05a9d2491a
Whitepaper that discusses error-based SQL injection in "Order By" clause in MSSQL.
851cfd618bf84f5c291b9f234d0aa06c3d0654bfd229ffe4a04e78ae9f52e471
TL-WR720N 150Mbps Wireless N Router suffers from a cross site request forgery vulnerability.
29a83aa88e720bd516144671af135dc4639bec30d79836352ba9b3a570f1c6e5
Zimbra Collaboration Suite version 8.7.11_GA_1854 suffers from a cross site scripting vulnerability.
099f87fddf07da704f9a67a7b4979ce0266914e76497434c8d04de08bbcff92a
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
6e775d988ba449a2d9f833b8a457e67eb28325d0838a3037a9b5a5ab50c956ec
Debian Linux Security Advisory 4150-1 - It was discovered that an integer overflow in the International Components for Unicode (ICU) library could result in denial of service and potentially the execution of arbitrary code.
d565c723c889bbe64e6d02d885bf1ec49328cafdaf31d5f28cf7aa7526ffc5e9
This Microsoft bulletin summary holds information regarding Microsoft security updates for March, 2018.
bd8143cef695664844888e79093fb17425c862aba77d1287c5c7a4b62750ec8c
Ubuntu Security Notice 3595-2 - USN-3595-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. Various other issues were also addressed.
68e2d5cf546d54e59c3c1ea3e42fca8fff8876f1a591c7739fa0f99e08f701cc
Android Bluetooth BNEP bnep_data_ind() remote heap disclosure proof of concept vulnerability.
bca48d1c32a6cf579a5ece90b87234274c98bed6401f1470ca5a6cdcba4d5b50
Android Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG out-of-bounds read proof of concept vulnerability.
99eb32567c7340a388cd09922afb5a94b3797a234d4baf2ff8977aa03764df08
MyBB Last User's Threads in Profile plugin version 1.2 suffers from a persistent cross site scripting vulnerability.
e74748654b844156e0a5f78dc1cf3868c196a695841758e3e0dc5285d752d2f0
11 bytes small Linux/x86 egghunter shellcode.
7f349789d9f07a6fc8d0a749471ad2add38bcf72e27d6603d846f706b5f7d4a9
WM Recorder version 16.8.1 suffers from a denial of service vulnerability.
cbd3e22e186e4ce1db80286f150facddd6c551b0838217182dd78ad3126cbf1c