This Metasploit module exploits inadequate access controls within the Schneider Electric Pelco Endura NET55XX webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions.
9f1a1fca209500f23a5d828a6c170bd77e26b7a3c4b045f75fc08a8419a6a484
Thomas Detert found out that the jamming detection of the ABUS alarm central does not detect short jamming signals that are shorter than normal ABUS RF messages. Thus, an attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. Version 3.01.01 is affected.
e98fe47d41ddf0ca24e6f78dac777943006f689fe3cefe75519fcbab7d77131d
Red Hat Security Advisory 2019-1862-01 - As part of the maintenance phase, qualified security patches of Critical or Important impact, as well as select mission-critical bug-fix patches, were released for Red Hat OpenShift Enterprise 3.6 and 3.7. After July 31st, 2019, customers will not receive those updates.
84de603b8b2616f22abb4cf93b0029a2760bb8fb071c4a489c3a2b16b1f2938c
Ubuntu Security Notice 4076-1 - It was discovered that a race condition existed in the Serial Attached SCSI implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
b13795081982c85c2eb246df67545853716b79439ee19e7a1344e8637acedcee
There exists a command injection vulnerability in the Wordpress plugin wp-database-backup for versions less than 5.2. For the backup functionality, the plugin generates a mysqldump command to execute. The user can choose specific tables to exclude from the backup by setting the wp_db_exclude_table parameter in a POST request to the wp-database-backup page. The names of the excluded tables are included in the mysqldump command unsanitized. Arbitrary commands injected through the wp_db_exclude_table parameter are executed each time the functionality for creating a new database backup are run. Authentication is required to successfully exploit this vulnerability.
401ad527c7daa315ba1bf0e69bfa9cc8df0e398c4a05459107a808ada7823a8d
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
5d9c1a6eaf082b880c61895914824e347c6d63ad2a31cfc150f384a3e68ce5fb