This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS environment variable, allowing clobbering of arbitrary files, with the privileges of the setuid user. This module uploads a shared object and sprays symlinks to overwrite /etc/ld.so.preload in order to create a setuid root shell.
0e6f740ce9bc200d846f84b085e1b15b388b872a85100b6499f36331dcd60d30
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
65fe327fdd11272a764c9e1c6ae1f38b151cea9003216b861c7ff2b281ca2970
Ghostscript has an issue with pseudo-operators that can lead to remote code execution. Version 9.26 is affected.
6f82dc2c71113403be2f8d208d1801454419d4178873a71ecf3e7231bb75fa9f
Coppermine version 1.5.46 suffers from multiple cross site scripting vulnerabilities.
38b80db2c56e17ffeddbb0f779d6162b367b3d055203dc2936b95d756b85c455
Abantecart version 1.2.12 suffers from a cross site scripting vulnerability.
9049506bf8cac7203cc836634a13bb52cc4e386f1736d2424ed25fee79a9ef91
DNN version 9.1 suffers from a cross site scripting issue that can be achieved via an XML vulnerability.
524165c60ed031fcefc4fdd7b52e564af0f4bd3450ce057e38a1662da131284e
Microsoft Windows has a flaw where a contact file can be leveraged with a malicious mailto: link to achieve code execution.
e16184bb657aebad54ac521372498653ef4ce63d19c5b150334e57414d202fdc
Joomla! Easy Shop component version 1.2.3 suffers from a local file inclusion vulnerability.
7ebc46eaa01b10e34e0867ed6c6f2432b67a99b6479b0eb3c8bff76a57807364
Joomla! J-BusinessDirectory component version 4.9.7 suffers from a remote SQL injection vulnerability.
ece141f3f2e32a705932b56df62b4b0234b266a7330fc8e04d9aff44e0ea9060
Joomla! VMap component version 1.9.6 suffers from a remote SQL injection vulnerability.
c525825038f94674d36b285c9d73c5f076fbda61bb214bcf20d362fb12c6de74
Joomla! vBizz component version 1.0.7 suffers from a code execution vulnerability.
1b2b50d42b3ac2ded00024104a0b54e504c75ed6aabdcb25b5578d9a93412572
Joomla! vBizz component version 1.0.7 suffers from a remote SQL injection vulnerability.
1f669e3aafb97e30887d32f750562f31c9d5a8b7b760d244dc9e0a2b43f45f71
Nagios XI version 5.5.6 suffers from remote code execution and privilege escalation vulnerabilities.
24108dbb8c9c59ae34ce542303af31e1e4a7a64d3f72d47d85b85c06711c4a54
Joomla! J-ClassifiedsManager component version 3.0.5 suffers from a remote SQL injection vulnerability.
02081fc738336962e9db2c49eab0a648edbfbc8b34944da49d441167fd6e9489
Joomla! J-MultipleHotelReservation component version 6.0.7 suffers from a remote SQL injection vulnerability.
2fbae3a71241e85cb204b6ed16189ab45ad1868a7b4ceb564029b35979e38bbb
Joomla! vReview component version 1.9.11 suffers from a remote SQL injection vulnerability.
62197c373e13a2ae6e10adc85159763a86cd18c52f703c309cc22e5d1e59d642
Joomla! vAccount component version 2.0.2 suffers from a remote SQL injection vulnerability.
293a9418a9c1d355b3bc1cbfe464731a37ba3f6c93c0d71d2e9323413cf8aa68
Joomla! vWishlist component version 1.0.1 suffers from a remote SQL injection vulnerability.
855e78f7977dd5af02a00f316f65ab4ee0d843e713ed2c74e50436578065c385
Ubuntu Security Notice 3866-1 - Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.
39c2317129a0f2797b184193f238e6b3905f879dd65b2bd8f0ca13cd1b69f6c6
Ubuntu Security Notice 3867-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
e34b43d0d03263ddfe392cfad50db5716adf819a0950971ca80c57c77b8e7f20
Red Hat Security Advisory 2019-0148-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.
cf6f99e1d878aeca36d32384df37ac2dc42e37a931da9993dc7f86d945451493
Ubuntu Security Notice 3707-2 - USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. Various other issues were also addressed.
491d58f999c7eea8810601c09831b240d9aedad6123ec22fdeec53a32edec41b
Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
38a254b8bd2b84ac3da8078e193ce32a2e57e602cb9e073ebb4f6bbab8a36bbd
Apple Security Advisory 2019-1-22-3 - watchOS 5.1.3 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
f6b7c427628bb1eda79658a3347640a2c92fc5920ea88de3534d613cb984a5ad
Apple Security Advisory 2019-1-22-2 - macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra are now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
07dfb353b9339db985c408e32871a075cb57f6f7bfc5edd7f63917f471a9b513