Backdoor.Win32.Bionet.10 malware suffers from bypass and code execution vulnerabilities.
4a09c5d365ed0bb4d9f293625baa7c1dRed Hat Security Advisory 2021-4918-03 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, information leakage, privilege escalation, and server-side request forgery vulnerabilities.
2085d56a00a482fe0b2106ca378ec2c1Red Hat Security Advisory 2021-4848-07 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include code execution and denial of service vulnerabilities.
2591ed0de4b4020ff960254cb6cbffcdLaundry Booking Management System version 1.0 suffers from a remote code execution vulnerability.
33e3b7d9f8f26e8ad11d2b21ca65b079Red Hat Security Advisory 2021-4845-05 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a code execution vulnerability.
a7ae02809742ebeb0ce32057d6ef3179This document aims at explaining some recent vulnerabilities in Apache HTTP Server that leads to attacks like path traversal and remote code execution.
feda936f15f34e868bc723af3bf3cca5Backdoor.Win32.Coredoor.10.a malware suffers from bypass and code execution vulnerabilities.
d820cb7a3b88112f83ab2190847a377bCMSimple version 5.4 local file inclusion to remote code execution exploit.
7d206d745fd2639b990408dc45a77919Whitepaper that gives an analysis of the remote code execution vulnerability noted in CVE-2019-11932 for WhatsApp that affects versions prior to 2.19.244. Written in Spanish.
31d209ac94755e2988452af4a8d5628eRed Hat Security Advisory 2021-4767-01 - This release of Red Hat Integration - Camel Extensions for Quarkus - 2.2 GA serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, deserialization, information leakage, resource exhaustion, and server-side request forgery vulnerabilities.
d880ef6964a5149dc3cd400671e6bfebWhitepaper called PrintNightmare Vulnerability. This document illustrates the exploitation of the vulnerability found in the Windows spooler service. Originally thought to be a local privilege escalation vulnerability in the Windows Print Spooler, identified as CVE-2021-1675 and patched during Microsoft's June Patch. Microsoft increased the severity of this issue on June 21 as well as reclassifying it as a 'remote code execution' (RCE) threat. This RCE vulnerability has been assigned a new identifier, CVE-2021-34527.
abd7ef242b6bd0fffaf67005b519a4bdBackdoor.Win32.Antilam.11 malware suffers from a code execution vulnerability.
28adf2b1a70e25828c672a436e95ef6dThis Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have been at least one topology submitted to the server. The topology may be active or inactive, but at least one must be present. Successful exploitation results in remote code execution as the user running Apache Storm. This vulnerability was patched in versions 2.1.1, 2.2.1 and 1.2.4. This exploit was tested on version 2.2.0 which is affected.
2631462b02a2e967032a92da5e87ddaeRed Hat Security Advisory 2021-4032-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.
0afccb07d0753c3bcf41066f814de533GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.
a203e85e39e4798bc3ada54cb3cc7271Red Hat Security Advisory 2021-4628-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.
5c0c857ac2edb1d70109b429de61ae99Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.
15d37f280e159b35ed6469b1f97ed672This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in Sitecore.Xdb.Client.dll under the Sitecore.sitecore.shell.ClientBin.Reporting.Report definition, having a ProcessRequest() handler that calls ProcessReport() with the context of the attacker's request without properly checking if the attacker is authenticated or not. This request then causes ReportDataSerializer.DeserializeQuery() to be called, which will end up calling the DeserializeParameters() function of Sitecore.Analytics.Reporting.ReportDataSerializer, if a "parameters" XML tag is found in the attacker's request. Then for each subelement named "parameter", the code will check that it has a name and if it does, it will call NetDataContractSerializer().ReadObject on it. NetDataContractSerializer is vulnerable to deserialization attacks and can be trivially exploited by using the TypeConfuseDelegate gadget chain. By exploiting this vulnerability, an attacker can gain arbitrary code execution as the user that IIS is running as, aka NT AUTHORITY\NETWORK SERVICE. Users can then use technique 4 of the "getsystem" command to use RPCSS impersonation and get SYSTEM level code execution.
cdadfd61899fe57ebdfb290f0c923b2bOnline Learning System version 2.0 remote code execution exploit that leverages SQL injection, authentication bypass, and file upload vulnerabilities.
f1d60fe020db91363e34d8e5e5d028e1Red Hat Security Advisory 2021-4686-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include code execution and use-after-free vulnerabilities.
2ad254234ea3cd25e075e0db894e8683This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative webinterface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain remote code execution as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the application responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a.
70c6dcfbe8cd1056d848f4af42f66776This is another variant of the Apache HTTP server version 2.4.50 remote code execution exploit.
906a8c46154c93bb51e32c7b41fa2eb0A use after free vulnerability exists in the NtGdiResetDC() function of Win32k which can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists due to the fact that this function calls hdcOpenDCW(), which performs a user mode callback. During this callback, attackers can call the NtGdiResetDC() function again with the same handle as before, which will result in the PDC object that is referenced by this handle being freed. The attacker can then replace the memory referenced by the handle with their own object, before passing execution back to the original NtGdiResetDC() call, which will now use the attacker's object without appropriate validation. This can then allow the attacker to manipulate the state of the kernel and, together with additional exploitation techniques, gain code execution as NT AUTHORITY\SYSTEM. This Metasploit module has been tested to work on Windows 10 x64 RS1 (build 14393) and RS5 (build 17763), however previous versions of Windows 10 will likely also work.
98ae62353bf31ba68e3677a972b003c7Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.
36528585cba85176debf6b055a43a015Red Hat Security Advisory 2021-4142-02 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include code execution and cross site scripting vulnerabilities.
c16b0a284d0b0aa7f3ad83efa6ce6464
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed