SpamTitan version 7.07 suffers from an authenticated remote code execution vulnerability.
ca2b9bc9d086483e304d942fc84321d8Microsoft SQL Server Reporting Services 2016 suffers from a remote code execution vulnerability.
ce6d37b9f76993c4ef670912502b7095VTENEXT 19 CE suffers from a remote code execution vulnerability.
7e1925aab1a49335535c175d97fc5fbaTea LaTex version 1.0 suffers from an unauthenticated remote code execution vulnerability.
eacc96ce287373be9a31e4ae72cf492bCuteNews version 2.1.2 remote code execution exploit.
e176c78c1c1e2baa2f5c4ade2915f4fbRed Hat Security Advisory 2020-3616-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.
2a08694d7af59fd8bf40152477cd5a0eThe Qualcomm Adreno GPU shares a global mapping called a "scratch" buffer with the Adreno KGSL kernel driver. The contents of the scratch buffer can be overwritten by untrusted GPU commands. This results in a logic error in the Adreno driver's ringbuffer allocation code, which can be used to corrupt ringbuffer data. A race condition exists between the ringbuffer corruption and a GPU context switch, and this results in a bypass of the GPU protected mode setting. This ultimately means that an attacker can read and write arbitrary physical addresses from userland by running GPU commands while protected mode disabled, which results in arbitrary kernel code execution.
1b8910b13d2d3595dcd217d98080e491All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) perform insecure deserialization practices that can lead to code execution.
3c981b4ffeff1009ea3009c81627d773Red Hat Security Advisory 2020-3662-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, integer overflow, null pointer, out of bounds read, and use-after-free vulnerabilities.
1e12fa29983b7f83af758496e3d90857Red Hat Security Advisory 2020-3678-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.8.1 serves as an update to Red Hat Process Automation Manager 7.8.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and code execution vulnerabilities.
66ccc95f168b4ea8bad261163122f621Red Hat Security Advisory 2020-3675-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.8.1 serves as an update to Red Hat Decision Manager 7.8.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and code execution vulnerabilities.
2a4f053ecd9a745998925e0a686eff30ManageEngine Applications Manager authenticated remote code execution exploit that leverages the newInstance() and loadClass() methods being used by the "WeblogicReference", when attempting a Credential Test for a new Monitor. Versions below 14720 are affected.
c91e6651f35b95c2f31437f3f8bc1b36Mara CMS version 7.5 suffers from a remote code execution vulnerability.
01153c71819eaa4b8c162c658fe780abTP-Link WDR4300 with firmware versions 3.13.33 and 3.14.3 post-authentication remote code execution exploit.
38390c706886084d27ba36ed81ec08cfEikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.
6d91015a714754463b09047fbee74073Red Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass and code execution vulnerabilities.
bd03d4978fc69d3110e68b9684b0e2b9Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.
8be781eaf06f1659e68f4efbe0b4df1bSeowon SlC 130 Router suffers from a remote code execution vulnerability.
eaead57ab327d6f2b9f26f28dac83033This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) versions below v1.03R0100_BETA6. The vulnerability exists in the username cookie, which is passed to eval() without being sanitized. Dangerous functions are not disabled by default, which makes it possible to get code execution on the target.
ad4f9d0e1e861c8a9f9b8b0544120a4cThis Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.25 as well as firmware versions 1.12.13.2 and 1.12.14.5 when the 'type' GET parameter is set to 'ntp'. Successful exploitation results in remote code execution as the root user.
1808f8c08c4e0f56746b33c5880b103dMicrosoft SharePoint Server 2019 remote code execution exploit.
43a96db1ad4268459beaa3fcfac715ddThis Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.
b60b0666592e30c6b174a6e6343f7c54QiHang Media Web Digital Signage version 3.0.9 suffers from a pre-authentication remote code execution vulnerability.
7c248458391a49820ad700528da5bdc1Travel Management System version 1.0 unauthenticated remote code execution exploit.
481e294a5c3b19ae9308d1e27f22aecevBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in python.
7f634e6b6aa1449d9669ac7fe9ef4d5b
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed