This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting in arbitrary command execution with root privileges. This module has been tested successfully on: systemtap 1.2-1.fc13-i686 on Fedora 13 (i686); and systemtap 1.1-3.el5 on RHEL 5.5 (x64).
57d955347310170d1a380dba46ef41462b10f297e733fec17201a3831094af3b
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embedding online videos, slideshows, photostreams and more directly into a page. A _template parameter can be used to inject remote Java code into a Velocity template and gain code execution. Authentication is not required to exploit this vulnerability. By default, the Java payload will be used because it is cross-platform, but you can also specify which native payload you want (Linux or Windows). Confluence versions before 6.6.12, from 6.7.0 before 6.12.3, from 6.13.0 before 6.13.3, and from 6.14.0 before 6.14.2 are affected.
f4c247f9a9679d32c545b710244463bf290d04f611d0ecce6a6427fde7c101ef
Ubuntu Security Notice 3950-1 - It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.
5fb5e38bcebcd5886bfe640b23b9a72b51a271df222d4ca60853a577cc65e6f7
Netwide Assembler (NASM) version 2.14rc15 null pointer dereference proof of concept exploit.
ff620ab5ba2592c8b398b205c5304425b2dc0cefbfddb320a4cc1c881ace45ea
This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain "system" authority on the server due to the SQL injection vulnerability. The exploit allows a chosen file to be written to the system through the PostgreSQL database. The module overwrites with the payload a ".vbs" file that ManageEngine uses for monitoring and that runs with "system" authority. In addition, it dumps the users and passwords from the database. After the harmful ".vbs" file is written, the shell session may take a little while to arrive.
95106466679de2024b9e4469f4bb9b8acabf974bb4ab6e9e3cbc9623f7471fd4
Evernote version 4.9 suffers from a path traversal that can allow for code execution.
b08c7a210842b3ac5ca0df6b59fe9b17d6c7def80cc11bf9635441acb2c7e805
Released 2019/04/18 by the United States Justice Department, this is the Report On The Investigation Into Russian Interference In The 2016 Presidential Election. This is the redacted version.
5c935e422d05d47906729ef7caf3b86f48acddacce16f57440f0d2541b9de70b
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68
Slackware Security Advisory - New libpng packages are available for Slackware 14.2 and -current to fix security issues.
b4b4ff26daa8f526e4c76b925e9cc0e3c2f76e411f39dbcfe285ebe048d92080
This Metasploit module generates an ODT file with a mouse over event that when triggered, will execute arbitrary code.
1dbac9bc01a0968e5bd4defcfd3239c6f9cf90dfee38c29c3ff6560e99041d79
Gentoo Linux Security Advisory 201904-19 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in root privilege escalation. Versions less than 2.3.5.1 are affected.
ce3244367b87fcc80f3c1b30e2cd4f8e11bb766839c1f9b30ca32d7fdfb24186
Red Hat Security Advisory 2019-0782-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include code execution and deserialization vulnerabilities.
112695995622cdf7982b5f45e341346c6fb131743373fd9b1ae6014aa1e901cf
Gentoo Linux Security Advisory 201904-18 - A vulnerability in libseccomp allows for privilege escalation. Versions less than 2.4.0 are affected.
64c1326aba6403a74d274fc18185006fe5f5afbae867aee8378ac38680d7a2d1
Ubuntu Security Notice 3914-2 - USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Various other issues were also addressed.
208c409ec12a3be377bfbf3abfb46eedd2b6704c6b56af1b820f340b4d82ca5c
Gentoo Linux Security Advisory 201904-17 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the execution of arbitrary code. Versions less than 2.7.6-r3 are affected.
f611d1465ff71c629377f0a946b29349fec276e2a4cc800e95134e1952531f7a
A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts.
3c3d35dfc5426eaa61ae91b3e754f6e09c909445eb2f9484504d724fdedd1db5
A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library.
cc1fdb072ca05f2a5b04c3cb9301fdc0fce66245b901c57e61aba6f76f5054ec
OAMbuster is a multi-threaded exploit for CVE-2018-2879.
b68302c74939716ec55aa081bbd6419f01985352ca4eb583f4c9417195876784
Red Hat Security Advisory 2019-0778-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a slow conversion of BigDecimal to long.
5396f45bea3eb627c49258ab5c0f3243ea17dadc19e1cff73a3d79b2fa5fafbe
Red Hat Security Advisory 2019-0775-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.
df87c0ca20994cd8b674294e7f0975316462269c1e290da4858ed6b852bad9ee
Red Hat Security Advisory 2019-0774-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.
05356c5064fc4c8320d6377262fbc8e7390666bc1448496fc0e517de3bdc1ade
Debian Linux Security Advisory 4433-1 - Several vulnerabilities have been discovered in the Rubygems included in the interpreter for the Ruby language, which may result in denial of service or the execution of arbitrary code.
e3199047134c8bcfe7382ed803154e3f50c1ae57b7e6b37aef6f86cfedc00a6d
Debian Linux Security Advisory 4432-1 - Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.
51784f8be1c1e386af3b69b6266e3d0c02983e49cdfd148d34f4341856f0003c
Ubuntu Security Notice 3918-4 - USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked into opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.
5b4f9b2b76b002e143884e0796cad669d48126daf811297c19395adffd7ed1c4
DHCP Server version 2.5.2 suffers from a denial of service vulnerability.
60761f6a7cd8f8932e61462c57456faaef43add0623b17e39ba208e5aac27e5a