This Metasploit module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded machineKey parameters in the web.config file for ASP.NET. Popular web hosting control panel Plesk offers myLittleAdmin as an optional component that is selected automatically during "full" installation. This exploit caters to the Plesk target, though it should work fine against a standalone myLittleAdmin setup. Successful exploitation results in code execution as the user running myLittleAdmin, which is IUSRPLESK_sqladmin for Plesk and described as the "SQL Admin MSSQL anonymous account". Tested on the latest Plesk Obsidian with optional myLittleAdmin 3.8.
4124c84ac15efa5a91216b271b351c4f85f28724a0347ca062414a3d04b8a3b5
This Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5, which allows the execution of arbitrary commands under root privileges after website authentication. The vulnerability is located in webman/modules/StorageManager/smart.cgi, which allows a command to be appended to the name of the device to be scanned. However, the drive name together with the appended command is limited to 30 characters. A somewhat valid drive name is required, so /dev/sd is used, even though it does not exist. To circumvent the character restriction, a wget input file is staged in /a and executed to download our payload to /b. From there the payload is executed. A wfsdelay is required to allow time for the payload to download and execute.
22368ec0c59933bee5ea858b6786d568816185b770ebf924813f131d442f27ea
IAIK JCE is a provider for the Java Cryptography Extension and has an issue where the way some of the computations involved in signature generation are carried out introduces a side channel that leaks timing information about the ephemeral number k.
f5ad1c0c8b85d6c758118f5f39ba83bfe826c49bf267f2a4b522e0fbfd5390a1
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
ffa34b1c7ca0e499c57f124019001f7a6aefc22c2d512c68d9c2df8d0ba8e93e
Druva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability.
0aee9532d81eee381ba208af9a36a8120aa9099876a0b99c74c0abce51931cea
VUPlayer version 2.49 .m3u local buffer overflow exploit with DEP and ASLR.
6b8aad5b065e4fd73331365aa12da535ca69142d063f010e1f27ab99d471d84f
Gym Management System version 1.0 suffers from an unauthenticated remote code execution vulnerability.
6a765a2a578f06a7b02f8904bda572779f3d00d6d0bf387951c135a5b72cf9db
In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.
b40bd18472de68aa880c0372a9f3305689c40f370d5468a34516ef9530fd6906
Ubuntu Security Notice 4370-2 - USN-4370-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
de5808ae689b12e140acaa5c772d93c4aa0a4002f73bce4c4a5a6876954e3227
Ubuntu Security Notice 4371-1 - It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled memory when retrieving certain domain statistics. A remote attacker could possibly use this issue to cause libvirt to consume resources, resulting in a denial of service. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
34c13bb2675b4bde9213fc78d2c244ba963384fec9e6bbbb9cac57d1a9df52e3
Ubuntu Security Notice 4372-1 - It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Various other issues were also addressed.
050dff354c465a6781ac554efb3017f827d45dbfbdc0e9dd7c15ae317f968d6f
Apple Security Advisory 2020-05-20-1 - Xcode 11.5 is now available and addresses an issue where a crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host.
e35976b46ec8572069af8ecfa516e7c0af3685276f36b89073c48c53fa832ce2
Ubuntu Security Notice 4370-1 - It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
877820ed17d981fa733ed7bc43ded0af110ab954d544704bdcd37aea406a4d50
This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.
520b0c827c8b01d8c2ca1ab697de7f2fc8a7e99f91c7209728f8431d3a566cea
Red Hat Security Advisory 2020-2250-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4. Issues addressed include a denial of service vulnerability.
28b849b188bfaabdfecd6b3f872f23423fe23dafa29b197903d90966ec0e2537
Ubuntu Security Notice 4369-1 - It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service. Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
69def9b45df53fc4cdb7a3a8ed24f560a00649c84605fd7f555c6571945e7f41
Whitepaper called OAuth 2.0 Implementation and Security.
51889b9cb5896e34189c448f717b7809247336b04dd3ebd03675f4128321eeee
AbsoluteTelnet version 11.21 suffers from multiple denial of service vulnerabilities.
e993df161cddc11c458ef2147ee5ee2b56312c7490e1bdd9da4c08e93a849ba1
Forma.LMS version 5.6.40 suffers from a cross site request forgery vulnerability.
a4fbc2d62d59b1ddc6ebd3592eedb0665b21e75d2498e9b5a3b7ff83c3e66e4a
Red Hat Security Advisory 2020-2249-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4. Issues addressed include a denial of service vulnerability.
6b1a7c7b9f7d25f89295aa961301ef2c539a82a7abd3d63adeae12e0f2ad20f5
Whitepaper called Hunting Red Team Activities with Forensics Artifacts.
36c6a099b355717d492a8ce32ba064c4db6bb7183d16c52762e1fda45ae671c4
OpenEDX platform Ironwood version 2.5 suffers from a remote code execution vulnerability.
7a54e38627d6ca731048e6e1fe6e6741c718fa2f3cd5f6374e5ad4c2c7cf6dd0
PHP-Fusion version 9.03.50 has been found susceptible to additional methods of persistent cross site scripting. Initial findings in this version were discovered by SunCSR.
c6b9922795d11a23e3b4151c57c54613d48ea125dc0bc2b428d1acbb0c0f9f47
Composr CMS version 10.0.30 suffers from a persistent cross site scripting vulnerability.
bd0304dc55718b3129060de9dd8a6ac6f198948bfb00573ed86879db126f081e
Ubuntu Security Notice 4365-2 - USN-4365-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. Various other issues were also addressed.
8cd4885ea870121ddb49aa2e9497c23e099b8e054c205f6250e8608d3a33b714