This Metasploit module exploits a buffer overflow in the FTPShell client 6.70 (Enterprise edition) allowing remote code execution.
b8f01f84c845398fb04cba37588088d6bbc790b0fc0bdf524f55915dd6be6c52This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.
80bee7aa780edc43040bd1dd427fbdb84bcd1f35f74873b32d619a620e07f20cVMware Security Advisory 2018-0011.1 - Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud.
2bad9b418270a2559edd54ffa4cc799e7eb46bbf04736056ec59270ffddcfd81VMware Security Advisory 2018-0016 - VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities.
90567ad4dad799d75d4c874c4d4d5dd2bde081e9577045670fd3af3cc521c376VMware Security Advisory 2018-0012.1 - VMware vSphere, Workstation and Fusion updates enable Hypervisor- Assisted Guest Mitigations for Speculative Store Bypass issue. The mitigations in this advisory are categorized as Hypervisor- Assisted Guest Mitigations described by VMware Knowledge Base article 54951. KB54951 also covers CVE-2018-3640 mitigations which do not require VMware product updates.
b7454f0cda78e28fc6b7444ae9be5bdd987d9eaf72ed3ac3ad092d94850944f6Microsoft Windows suffers from an ADODB.Record object file overwrite vulnerability. The password for the proof of concept zip is adorecord.
fa5ba9f3b0a03d61eb7be0c60781151047f183df16df52d8cab904fdcd2cc159Ubuntu Security Notice 3686-2 - USN-3686-1 fixed a vulnerability in file. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
af09837fd0ebda01652c7ca1b96410d72ebe7f9252ff54d8a3cb3415cf7964dc28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. Gentoo is still working to determine the exact extent and to regain control of the organization and its repositories.
ce6323bf0a3ebce97d674c732895a9191e58f3c64a0a758f7b0b6840859fed95Debian Linux Security Advisory 4236-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
bc38a7c7dcdcd73bd1df565a0d7810fd50d34a4eb9c6c879d0393737aeb23585Red Hat Security Advisory 2018-2102-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an information exposure vulnerability.
ff3b6ea694d245d64e3ea8a6aa0aba4c1a6fe0ebf8bed80a5e4ce1e85062c7f0Ubuntu Security Notice 3694-1 - It was discovered that NASM incorrectly handled certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use these issues to cause NASM to crash, resulting in a denial of service, or possibly execute arbitrary code.
955d49d6845e15d41ca9f850de8051b0d6f46753cfa31efa5909d4b4598023ecRed Hat Security Advisory 2018-2112-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
c83b51fc510827e3da5f97c2bdaefb75707217c460d8a14d5c67b9cf283e90faRed Hat Security Advisory 2018-2113-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
733eefe7a714bfbb481e79af2fb8c94cc9b1e0409edce093a2e253f22750db8eDebian Linux Security Advisory 4235-1 - Several security issues have been found in the Mozilla Firefox web lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.
8c2683c765b5fe80e5b1bcd8d7cdded23af3f5071accff38512c01785137cb09Apple Security Advisory 2018-06-27-1 - SwiftNIO 1.8.0 is now available and addresses a buffer overflow vulnerability.
4319312a52e9fc53fcae2a76e18afb01692987d3069ab41c613f7ed00fcf4b95TP-Link TL-WR841N v13 suffers from an authentication bypass vulnerability via an insecure direct object reference vulnerability.
9995c6b3b6cf275d4bde83f805fb4d5553b3807472d1967cf7e57c4f243ec759TP-Link TL-WR841N v13 suffers from a blind command injection vulnerability.
92b9e15c1917bfa85cd7b7d7dec306620e04cc32a685a4d63fedfeb461b5460bTP-Link TL-WR841N v13 suffers from cross site request forgery vulnerabilities.
231860d71c1d24ce794123eae11efe2c36b3ee4500c2bf996f198fb1478e6c91GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
2fd71654c81246ff43dbed2cf0471aab564bd17a409d3c225adc63d143e2f1c7Red Hat Security Advisory 2018-2114-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telecommunications Update Service for Red Hat Enterprise Linux 6.6 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.6 TUS after December 31, 2018.
9ad875d49b4630107434d8f4cc9e4536e20ba2e184f5f8019cd2eb9c2938b6d0Cisco Adaptive Security Appliance suffers from a path traversal vulnerability.
d1b313011029126cb865a0362620a79446da5eb04f5aec729d6ccf3667869fe9Android suffers from multiple race condition vulnerabilities in the media.metrics service.
a656fd451726abc4db30105b2ca67987815f338e9dadcd85a7b86bfb41ec66b0hycus CMS version 1.0.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3890bb9f4e195bb91b26e724e6ca0c976e6a3796474aaa2a30288451bed835d7DIGISOL DG-HR3400 Wireless Router suffers from a cross site scripting vulnerability.
43a7fc7a43a0f80375829d244ab8dc5eff775609451d8f7490c90f4d1f164c57BEESCMS version 4.0 suffers from an add administrator cross site request forgery vulnerability.
91d00c7ca731162cb70946ad7a59a0daa28377389fe9f5f2bfe23b7d2de5cf25
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed