GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to remote code execution exploit.
7d48adbe7385fbb2fa16170c86231d41glFTPd version 2.11a remote denial of service exploit.
04295a11c4a07b213d22cabfafda8897This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios versions XI 5.3.0 and 5.7.5, both running on CentOS 7.
91ac1437912ce19fca5580399b1f6625Backdoor.Win32.Zombam.h malware suffers from a buffer overflow vulnerability.
308161972b359f1869950d7c71eb27e6htmly version 2.8.0 suffers from a persistent cross site scripting vulnerability.
1f7856dd557f345879af5eb7735315e1Horde Groupware Webmail version 5.2.22 suffers from a persistent cross site scripting vulnerability.
1f541c98d0a23790929a497d47013d7dTileserver-gl version 3.0.0 suffers from a cross site scripting vulnerability.
63b23bdee2d001f4b4ad1f9e7216ae76This is a script to trigger (Rowhammer) bit flips on TRR-enabled DDR4 SDRAM through Firefox. It will only work with THP enabled and after having set the target-specific parameters.
c40ce9966f87adf416aa82e25735f9e2Microsoft Azure DevOps Server version 2020.0.1 suffers from a cross site scripting vulnerability.
4994087ae5636e46cc4be43cc0c489f6Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the Horde_Text_Filter library.
dd1588866001ae370f23e0d6ec8d2f71HEUR.Hoax.Win32.FrauDrop.gen malware suffers from an insecure permissions vulnerability.
50c66b4d86576b7c155504ec687423d1CITSmart ITSM version 9.1.2.27 suffers from a remote time-based blind SQL injection vulnerability.
3d24d2282ef6f774e3ec4558ad1409d1CITSmart ITSM version 9.1.2.22 suffers from an LDAP injection vulnerability.
4ac23ee971f692bf2ad5ddba1be97403Trojan.Win32.Agent.zfgh malware suffers from an insecure permissions vulnerability.
3b8d24907908e6336805de66cf3aa2f4MariaDB version 10.2 suffers from a command execution vulnerability.
ce7c5713f1101721cb65c9278e2e5467Genexis PLATINUM 4410 version 2.1 P4410-V2-1.28 suffers from a remote command execution vulnerability.
43aeccc4d2fcad984b051b4cdbb1583fTrojan.Win32.Jorik.qje malware suffers from an insecure permissions vulnerability.
faf5ffe170a3559624827f291850035fDigital Crime Report Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0caf2f815b9b8bcfabd56d4dce51e40cjQuery version 1.0.3 suffers from a cross site scripting vulnerability.
179fd6b72dec05ab89308264840d7aa5jQuery version 1.2 suffers from a cross site scripting vulnerability.
f6880c94004df62f5be9b507d04e021fThis Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious check_ping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0 through 5.4.13, the commands are run as the nagios user. For versions 5.5.0 through 5.6.5, the commands are run as root. Note that versions prior to 5.2.0 will still be marked as being vulnerable however this module does not presently support exploiting these targets. The module uploads a malicious check_ping plugin to the Nagios XI server via /admin/monitoringplugins.php and then executes this plugin by issuing a HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.3.0 and Nagios 5.6.5, both running on CentOS 7. For vulnerable versions before 5.5.0, it may take a significant amount of time for the payload to get back (up to 5 minutes). If exploitation fails against an older system, it is recommended to increase the WfsDelay setting (default is 300 seconds).
c535c12509a747d756650bedc5b31fcaThe access limit check for non-local admins when accessing the SCM remotely can be bypassed by requesting MAXIMUM_ALLOWED, leading to gaining access to start services etc.
281e52fe6059770b5acb2e965164e4a3Blitar Tourism version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
03d4e059484374b7780a14a295e4a837Chrome V8 Javascript Engine remote code execution zero day exploit. Google is expected to release an update to their browser on tuesday 04/14/2021 that will address this vulnerability.
a76d90d5f2c12f9efc441081adf2aabeExpressVPN VPN Router version 1.0 suffers from an integer overflow vulnerability.
c2b0de22fdf163131606730f4d69a979
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed