This Metasploit module exploits a command injection vulnerability on login that affects Micro Focus Operations Bridge Reporter on Linux, versions 10.40 and below. It is a straight up command injection, with little escaping required, and it works before authentication. This module has been tested on the Linux 10.40 version.
86c50279de70c09dd3d6cb11b4b245b4e8b6b272a33434965e6bc86812dced42This Metasploit module abuses a known default password on Micro Focus Operations Bridge Reporter. The shrboadmin user, installed by default by the product has the password of shrboadmin, and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations Bridge Manager 10.40. Earlier versions are most likely affected too. Note that this is only exploitable in Linux installations.
f916dce1d07e07e927e2802d2dca83cb6a07b9d397ca34c5d01f9b2245b2667bOX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. OX Guard versions 2.10.4 and below suffer from a denial of service vulnerability.
f79fdb3de2e0adf5d96f8bd0f53e9ea78572bc1ad06052cccf66726ab09192b0Ubuntu Security Notice 4930-1 - Peter Eriksson discovered that Samba incorrectly handled certain negative idmap cache entries. This issue could result in certain users gaining unauthorized access to files, contrary to expected behaviour.
59c4ab9feabc5e54f5a2dae4cc3afdff0fd59dd5401bee705ac3bf304eb6ea05Piwigo version 11.3.0 suffers from a remote SQL injection vulnerability.
533a62f1f8e0052145c4e4a3cc6e36248076593a3246e51e8c573ba2c3b42ec6Backdoor.Win32.Agent.oj malware suffers from a code execution vulnerability.
8faeac759a05bb08486eda151fb354844f5f6baa709ab533fa8a32f7f70b7ef7Microsoft Windows can dupe users into trusting executables with DLL hijacking and privilege escalation issues.
cb269dbc3308c3e9fbe0001388d76caee981689af8bcb73404441bdd457de392Backdoor.Win32.Agent.oj malware suffers from a buffer overflow vulnerability.
8c8a79c42d3684955728d6f7686bdbb095f8f13153149e1a27e1a6280de557d0Moodle version 3.6.1 suffers from a persistent cross site scripting vulnerability.
10b48eb14b6ab75c6cca96bf82b5960e18db998f04cd97bf856e58bca99bcedfBackdoor.Win32.Agent.kte malware suffers from a buffer overflow vulnerability.
a7887dce90da6a772b91c0867e50b61c4a1907fe63ed8b6931a5095b5e2c1906Backdoor.Win32.Agent.gmug malware suffers from a heap corruption vulnerability.
88399c2d9a4a3ecb689286c86845703121ea80b4bbcb96466285c0b81ea351eaRed Hat Security Advisory 2021-1469-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
8efc3a10ed3985999e1b7aeee64f3e3266d719805f205235eb7ad040dc3cf731GNU wget versions prior to 1.1.8 arbitrary file upload and code execution exploit.
9eb9c61465681cef828940670f5a66c10bc60e1ed0055a7bd92271cfbcee572fBackdoor.Win32.Agent.ggw malware suffers from a bypass vulnerability.
c52bcc6a9c74baab8584f1ee937aab5d3bc4311b75c55a5c5958da7c12fb02b7Worm.Win32.Delf.hu malware suffers from an insecure permissions vulnerability.
6abbcbb6c16e555127af6d381336bf0beab2d7cb1f78f22cd669c983a5c78385HEUR.Trojan.Win32.Bayrob.gen malware suffers from an insecure permissions vulnerability.
2f480d1b3c8516a6a6b58a12b785d20764d12fcc0e8ea1277b9aadf1006ce7e6Whitepaper discussing shortcut hotkey exploitation. Written in Hebrew.
c8c74623e683b5a6e9714332c12b43a04e48aa6c7aef2513132b4ae88e36e5dbA new SAFER bypass was discovered that affects older versions of windows.
af2bc8f393023dfcfdbaf3b86d4f45468c9560916410eab2deed331e64585960
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed