IBM Data Risk Manager (IDRM) contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed by a command injection as the server user, and finally abuse of an insecure default password. This module exploits all three vulnerabilities, giving the attacker a root shell. At the time of disclosure, this is a 0day. Versions 2.0.3 and below are confirmed to be affected, and the latest 2.0.6 is most likely affected too.
5e042f223b6191ace28628a3b791fe40265ee2b640aac230d6977add6e767672This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual appliance via SSH. This can be escalate to full root access, as a3user has sudo access with the default password. At the time of disclosure, this is a 0day. Versions 2.0.3 and below are confirmed to be affected, and the latest 2.0.6 is most likely affected too.
93ca159b01584a7ade8620b17077cdc4619743113ed1b5b8a46d288369f9b00aThis Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system as the asterisk user. Users can easily elevate their privileges to the root user however by executing sudo nmap --interactive followed by !sh from within nmap.
d8cf1911eb53fa726641699bb7ddfdc44e28e3c1e9e58c93506d65e29eb0dba8Red Hat Security Advisory 2020-2014-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.
dbbe1b45eebb67c65a60fd512572b08edfed8280fba3318a4d7f27a3a7106d25ATutor LMS version 2.2.4 suffers from having a weak password reset hash.
695d43c107bcbb8c5b7a5b23041b58961922c09223a6f7f84fa51fde122cb2f4113 bytes small Linux/x64 anti-debug trick (INT3 trap) with execve("/bin/sh") shellcode that is NULL free.
22961b45b5d956fcd59277ee56779b00f2f5f370abf5c42935f6e786b276c885webERP version 4.15.1 suffers from an unauthenticated backup file disclosure vulnerability.
11aca6631947fecd14a0fc78fb9b842ce7dd8db5f1d295d5bdd7bebfdd994028Saltstack version 3000.1 suffers from a remote code execution vulnerability.
30e13e1ef114715477d92359a46e21130fb5b89d01ac65ed3cd4a9c4dd5ac0d7NEC Electra Elite IPK II WebPro version 01.03.01 suffers from a session enumeration vulnerability.
be4cfd5d3df868d6d86c51436889a66189eb60c8970471321a5cb9ff86ff1310WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.
1ebb98495b8fa8dad24676dddccc093fc59175e279731d6f0c3ed82e9cbe5251SimplePHPGal version 0.7 suffers from a remote file inclusion vulnerability.
e43ca4338b0375bb18fa866eeb71b6dabc16da0f2e117e7e9f7136b261174d19PhreeBooks ERP version 5.2.5 suffers from a remote command execution vulnerability.
2897b53eae26fd2cfbe07131bc41d4c33a72afa2421641bea6d75825c24636dfOnline Scheduling System version 1.0 suffers from a remote SQL injection vulnerability.
dc5060d71e3f7fb1f8c315318ca1895b5a004b130bbb3ec0aaac2da96e3d3f46Oracle Database 11g Release 2 suffers from an OracleDBConsoleorcl unquoted service path vulnerability.
2d68a9e62a0fe23f07e64b13f80003c7ba86341cf43cddace24ddec2ec831413
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed