This Metasploit module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded machineKey parameters in the web.config file for ASP.NET. Popular web hosting control panel Plesk offers myLittleAdmin as an optional component that is selected automatically during "full" installation. This exploit caters to the Plesk target, though it should work fine against a standalone myLittleAdmin setup. Successful exploitation results in code execution as the user running myLittleAdmin, which is IUSRPLESK_sqladmin for Plesk and described as the "SQL Admin MSSQL anonymous account". Tested on the latest Plesk Obsidian with optional myLittleAdmin 3.8.
4124c84ac15efa5a91216b271b351c4f85f28724a0347ca062414a3d04b8a3b5This Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5, which allows the execution of arbitrary commands under root privileges after website authentication. The vulnerability is located in webman/modules/StorageManager/smart.cgi, which allows appending of a command to the device to be scanned. However, the command with drive is limited to 30 characters. A somewhat valid drive name is required, thus /dev/sd is used, even though it does not exist. To circumvent the character restriction, a wget input file is staged in /a, and executed to download our payload to /b. From there the payload is executed. A wfsdelay is required to give time for the payload to download, and the execution of it to run.
22368ec0c59933bee5ea858b6786d568816185b770ebf924813f131d442f27eaIAIK JCE is a provider for the Java Cryptography Extension and has an issue where the way that some of the computations involved in the signature generation are carried out introduce a side channel that leaks timing information about the ephemeral number k.
f5ad1c0c8b85d6c758118f5f39ba83bfe826c49bf267f2a4b522e0fbfd5390a1nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
ffa34b1c7ca0e499c57f124019001f7a6aefc22c2d512c68d9c2df8d0ba8e93eDruva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability.
0aee9532d81eee381ba208af9a36a8120aa9099876a0b99c74c0abce51931ceaVUPlayer version 2.49 .m3u local buffer overflow exploit with DEP and ASLR.
6b8aad5b065e4fd73331365aa12da535ca69142d063f010e1f27ab99d471d84fGym Management System version 1.0 suffers from an unauthenticated remote code execution vulnerability.
6a765a2a578f06a7b02f8904bda572779f3d00d6d0bf387951c135a5b72cf9dbIn 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.
b40bd18472de68aa880c0372a9f3305689c40f370d5468a34516ef9530fd6906Ubuntu Security Notice 4370-2 - USN-4370-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
de5808ae689b12e140acaa5c772d93c4aa0a4002f73bce4c4a5a6876954e3227Ubuntu Security Notice 4371-1 - It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled memory when retrieving certain domain statistics. A remote attacker could possibly use this issue to cause libvirt to consume resources, resulting in a denial of service. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
34c13bb2675b4bde9213fc78d2c244ba963384fec9e6bbbb9cac57d1a9df52e3Ubuntu Security Notice 4372-1 - It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Various other issues were also addressed.
050dff354c465a6781ac554efb3017f827d45dbfbdc0e9dd7c15ae317f968d6fApple Security Advisory 2020-05-20-1 - Xcode 11.5 is now available and addresses an issue where a crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host.
e35976b46ec8572069af8ecfa516e7c0af3685276f36b89073c48c53fa832ce2Ubuntu Security Notice 4370-1 - It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
877820ed17d981fa733ed7bc43ded0af110ab954d544704bdcd37aea406a4d50This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.
520b0c827c8b01d8c2ca1ab697de7f2fc8a7e99f91c7209728f8431d3a566ceaRed Hat Security Advisory 2020-2250-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4. Issues addressed include a denial of service vulnerability.
28b849b188bfaabdfecd6b3f872f23423fe23dafa29b197903d90966ec0e2537Ubuntu Security Notice 4369-1 - It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service. Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
69def9b45df53fc4cdb7a3a8ed24f560a00649c84605fd7f555c6571945e7f41Whitepaper called OAuth 2.0 Implementation and Security.
51889b9cb5896e34189c448f717b7809247336b04dd3ebd03675f4128321eeeeAbsoluteTelnet version 11.21 suffers from multiple denial of service vulnerabilities.
e993df161cddc11c458ef2147ee5ee2b56312c7490e1bdd9da4c08e93a849ba1Forma.LMS version 5.6.40 suffers from a cross site request forgery vulnerability.
a4fbc2d62d59b1ddc6ebd3592eedb0665b21e75d2498e9b5a3b7ff83c3e66e4aRed Hat Security Advisory 2020-2249-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4. Issues addressed include a denial of service vulnerability.
6b1a7c7b9f7d25f89295aa961301ef2c539a82a7abd3d63adeae12e0f2ad20f5Whitepaper called Hunting Red Team Activities with Forensics Artifacts.
36c6a099b355717d492a8ce32ba064c4db6bb7183d16c52762e1fda45ae671c4OpenEDX platform Ironwood version 2.5 suffers from a remote code execution vulnerability.
7a54e38627d6ca731048e6e1fe6e6741c718fa2f3cd5f6374e5ad4c2c7cf6dd0PHP-Fusion version 9.03.50 has been found susceptible to additional methods of persistent cross site scripting. Initial findings in this version were discovered by SunCSR.
c6b9922795d11a23e3b4151c57c54613d48ea125dc0bc2b428d1acbb0c0f9f47Composr CMS version 10.0.30 suffers from a persistent cross site scripting vulnerability.
bd0304dc55718b3129060de9dd8a6ac6f198948bfb00573ed86879db126f081eUbuntu Security Notice 4365-2 - USN-4365-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. Various other issues were also addressed.
8cd4885ea870121ddb49aa2e9497c23e099b8e054c205f6250e8608d3a33b714
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed