This is a newer method to exploit php-fpm to achieve remote code execution when certain nginx with php-fpm configurations exist.
4cbdb53c733266a5189ec2df70c12e1bThis Metasploit module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution.
1764c2113b6babdc9f9a58ffd2bc284fTrend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below suffer from a remote code execution vulnerability.
efda6406cb80c26ebe21b6449a6d1caeRed Hat Security Advisory 2019-3149-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains an update for jackson-databind in the logging-elasticsearch5 container image for Red Hat OpenShift Container Platform 3.11.153. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
9bd639dd8fed715fd210bfdd7adaad62Red Hat Security Advisory 2019-3140-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, information leakage, and path sanitization vulnerabilities.
62ddc64d2da4efc2000f826c874707b3Whatsapp version 2.19.216 suffers from a remote code execution vulnerability.
bb8020ea612d6105eb21db5cad4eec5dRed Hat Security Advisory 2019-3050-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and code execution vulnerabilities.
0542e6d7171516c6f163a08eb0d6098bRed Hat Security Advisory 2019-3046-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and code execution vulnerabilities.
ab6f65dbc2c4eb6f4c7094f30ee9db20Red Hat Security Advisory 2019-3045-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and code execution vulnerabilities.
9a2e0f6ed68a65065bfa4e69b8357e47Red Hat Security Advisory 2019-3044-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and code execution vulnerabilities.
fb2bc6b05694e4f354b7ad7fd815d73fRed Hat Security Advisory 2019-3024-01 - The ovirt-web-ui package provides the web interface for Red Hat Virtualization. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
34d270987353fef45ff226704c50a15dRed Hat Security Advisory 2019-3023-01 - The ovirt-engine-ui-extensions package contains UI plugins that provide various extensions to the oVirt administration UI. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
ead5ab3cdfaaa8cea7bbae101c52ab4aRed Hat Security Advisory 2019-3002-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Issues addressed include code execution and deserialization vulnerabilities.
5a54ba2d3fe41c63f0a1649897b66bf0Red Hat Security Advisory 2019-2998-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.5.0 serves as a replacement for RHOAR Thorntail 2.4.0, and includes security and bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.
28377943fdda0cfb44e37a74ab1c6944Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
674430b600662e944210bc20e841afd7Apple Security Advisory 2019-10-07-3 - iCloud for Windows 10.7 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
60950df4e7126c0b4c002000d0054239Apple Security Advisory 2019-10-07-2 - iTunes for Windows 12.10.1 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
9afe24ba991364697b29be8710f3f4afApple Security Advisory 2019-10-07-1 - macOS Catalina 10.15 is now available and addresses buffer overflow and code execution vulnerabilities.
8b52c38587dbb029422153778ede0906vBulletin versions 5.5.4 and below suffers from an updateAvatar remote code execution vulnerability.
2bd3e76b0d1ad20fdb921832d6d49f29IcedTeaWeb suffers from multiple vulnerabilities including directory traversal and validation bypass issues that can lead to remote code execution. The affected versions are 1.7.2 and below, 1.8.2 and below. 1.6 is also vulnerable and not patched due to being EOL. Proof of concepts are provided.
ea6508180f62fca63a4c9cdbaca675adIBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.
8ae1f789332dbd08c91e2e0e13536381Debian Linux Security Advisory 4542-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server.
e509eea85afe53f7ec68ab71ee2d7af6Joomla versions 3.0.0 through 3.4.6 suffer from a remote code execution vulnerability in configuration.php.
3dbace36f03416b2067e44c5ab4dfc35Red Hat Security Advisory 2019-2964-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.
75c7ec1d8cc722f980305c9e92953526Notepad++ (x64) versions prior to 7.7 allow remote code execution or denial of service via a crafted .ml file.
f8a4557604cf8293c54fe98904c1a95e
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed