SmarterMail 16 suffers from an arbitrary file upload vulnerability.
72450c5aaab572c56de94f8bfdb91744Gentoo Linux Security Advisory 202006-7 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 68.9.0 are affected.
1dff3a35d7e048e992577693c9c49e95Gentoo Linux Security Advisory 202006-8 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.28.2 are affected.
e0641f66b5310fc66d5c30645f9e4540Gentoo Linux Security Advisory 202006-6 - Multiple vulnerabilities have been found in ssvnc, the worst of which could result in the arbitrary execution of code. Versions less than or equal to 1.0.29-r2 are affected.
ccf3d343ee86dccfd49618460f64a593Gentoo Linux Security Advisory 202006-5 - Nokogiri has a vulnerability allowing arbitrary execution of code if a certain function is used. Versions less than 1.10.4 are affected.
0961a15d4c55592989b001b1f4672babGentoo Linux Security Advisory 202006-2 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 83.0.4103.97 are affected.
930375bd60b7bba33caa44532d180990Gentoo Linux Security Advisory 202006-9 - A flaw in Adobe Flash Player may allow local or remote attacker(s) to execute arbitrary code. Versions less than 32.0.0.387 are affected.
ac74f8897e8e15e5fdc48661b468223bGentoo Linux Security Advisory 202006-11 - Multiple vulnerabilities have been found in Ansible, the worst of which could result in the arbitrary execution of code. Versions less than 2.9.7 are affected.
dec0bd00f521b67664a567de2b75d5adThis Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service (BITS), to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code execution as the SYSTEM user, the Update Session Orchestrator service is then started, which will result in the malicious WindowsCoreDeviceInfo.dll being run with SYSTEM privileges due to a DLL hijacking issue within the Update Session Orchestrator Service. Note that presently this module only works on Windows 10 and Windows Server 2016 and later as the Update Session Orchestrator Service was only introduced in Windows 10. Note that only Windows 10 has been tested, so your mileage may vary on Windows Server 2016 and later.
0804ff3bfe957376a4af71aa3919154fThis research discusses two different vulnerabilities addressed in the June 2020 Microsoft Patch Tuesday. An integer overflow in OLE marshalling and a race condition with arbitrary file deletion are described in detail.
d0d7691eecbbd82916538605ee2bdfa4Ubuntu Security Notice 4392-1 - It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
2a8d26a4c0fc30acb37659ae44687215Ubuntu Security Notice 4391-1 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
b9a5c4d0b8f881b21288f5e8a866b693Ubuntu Security Notice 4393-1 - It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
1c2083f7dc6855a4a9ae2d20008669a7Ubuntu Security Notice 4383-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. Various other issues were also addressed.
7008565679641f0d4d2c4c80f6ec42cfThis Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of 6.7.3.0.
a3283617421910d08a845659be600c53This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator enables the ability to trigger method.invoke(), which will execute arbitrary code.
70d9c90a8b31214d86ae1cb6e37b7167Ubuntu Security Notice 4382-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
d66aa9aa039b0b13b0421f5b3b6dcb06CAYIN xPost version 2.5 suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter wayfinder_seqid in wayfinder_meeting_input.jsp is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
d6686dcd290750e64871dcec7268adfcCAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.
2b40a82dbae2a46bd38664601734d373CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
9a04cbad2c7bcc1e00789b91f73a0061NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.
e762859b96e7391cb7c4d0f1d5bc1371Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files that are allowed to be modified (read/write/delete) are located in the /etc/config/ directory. An attacker can manipulate the POST request parameters to escape from the restricted environment by using absolute path and start reading, writing and deleting arbitrary files on the system.
71fd7f2810f3f64fb2be820cb487f7b5Apache Tomcat is affected by a Java deserialization vulnerability if the PersistentManager is configured as session manager. Successful exploitation requires the attacker to be able to upload an arbitrary file to the server. This archive includes a write up and proof of concept code from multiple researchers.
a4290abd849a9bb4c118b840fc087ac9Ubuntu Security Notice 4379-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
7e08a5c44ce48e25c106d1a7f9732c46sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
e36fcd99ef29b97deb72bcd63e337507
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed