Apple Security Advisory 2020-06-01-3 - tvOS 13.4.6 is now available and addresses a code execution vulnerability.
f33f5b55fa7b3a63074831376f1a02d9Apple Security Advisory 2020-06-01-2 - macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 High Sierra are now available and address a code execution vulnerability.
ed0f632ce14109787056a63cbd9fb8a9Apple Security Advisory 2020-06-01-1 - iOS 13.5.1 and iPadOS 13.5.1 are now available and address a code execution vulnerability.
345ba38728f3e0788398c087f24abe34This Metasploit module exploits a SQL injection vulnerability found in vBulletin versions 5.6.1 and below. This module uses the getIndexableContent vulnerability to reset the administrator's password and it then uses the administrators login information to achieve remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.1 on the Ubuntu Linux distribution.
fd4655c52e9ed2a0c5c8f8a33cf22cf0Microsoft Windows SMBGhost pre-authentication remote code execution exploit.
6f54467077d49c52e347f4693385e76eQuickBox Pro versions 2.1.8 and below suffer from an authenticated remote code execution vulnerability.
4c1621ff0ddada36f5075574033b2ee4Apple Security Advisory 2020-05-26-4 - tvOS 13.4.5 addresses code execution, cross site scripting, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
81d9a3b413281addfed064bcea5fcab2Apple Security Advisory 2020-05-26-11 - Windows Migration Assistant 2.2.0.0 (v. 1A11) is now available and addresses a code execution vulnerability.
a39cc03e4fead835d7ca1474dea20d30Apple Security Advisory 2020-05-26-10 - iCloud for Windows 7.19 is now available and addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
1914f521bdf896420dfcdb61d01d022fApple Security Advisory 2020-05-26-9 - iCloud for Windows 11.2 is now available and addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
505d9135fc0282789086d7a39861e439Apple Security Advisory 2020-05-26-5 - watchOS 6.2.5 addresses code execution, cross site scripting, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
4c33fa712fc6587e6b2fc7aef5f0833bApple Security Advisory 2020-05-26-8 - iTunes 12.10.7 for Windows addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
291e94da2513acdd977e166aa42053c6Apple Security Advisory 2020-05-26-3 - macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address bypass, code execution, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
f886e2685c265c1b6943d183b100b952Apple Security Advisory 2020-05-26-7 - Safari 13.1.1 is now available and addresses code execution and cross site scripting vulnerabilities.
22da1b429e77c46ccafd69d8581e49f7Apple Security Advisory 2020-05-26-1 - iOS 13.5 and iPadOS 13.5 address bypass, code execution, cross site scripting, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
3bf84c95f1052ea67704c2a2f7179ba0This Metasploit module exploits a command execution in Pi-Hole versions 4.3.2 and below. A new DHCP static lease is added with a MAC address which includes a remote code execution issue.
e6986dcdd89a11102dc17483054ea333Pi-hole version 4.4.0 suffers from a remote code execution vulnerability.
b5850c62bfcb5f5502dd24e3e1620efcOpenEMR versions prior to 5.0.1 suffer from a remote code execution vulnerability.
87a864957a5dc630242ec3e29a88bed1Online Discussion Forum Site version 1.0 suffers from a remote code execution vulnerability.
113d7a6e21247ce27a716909e115a501This Metasploit module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded machineKey parameters in the web.config file for ASP.NET. Popular web hosting control panel Plesk offers myLittleAdmin as an optional component that is selected automatically during "full" installation. This exploit caters to the Plesk target, though it should work fine against a standalone myLittleAdmin setup. Successful exploitation results in code execution as the user running myLittleAdmin, which is IUSRPLESK_sqladmin for Plesk and described as the "SQL Admin MSSQL anonymous account". Tested on the latest Plesk Obsidian with optional myLittleAdmin 3.8.
863f2f71f0ddb8aeb000570885bf0d3fGym Management System version 1.0 suffers from an unauthenticated remote code execution vulnerability.
ce64ae85eae1a7a26c36e368e636d47bThis Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.
e3a30f51596b55d810e3f2ed09788c15OpenEDX platform Ironwood version 2.5 suffers from a remote code execution vulnerability.
eb74b7ef637d95cec604f0cd7433300aCraft CMS 3 with vCard plugin version 1.0.0 suffers from a remote code execution vulnerability.
076cdf1ae5f96d31a7d5d08945141f4eProtection Licensing Toolkit ReadyAPI version 3.2.5 suffers from an unsafe deserialization vulnerability that allows for remote code execution.
04d24a10d080f67a99623c2a47d1d455
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed