This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator enables the ability to trigger method.invoke(), which will execute arbitrary code.
70d9c90a8b31214d86ae1cb6e37b7167Red Hat Security Advisory 2020-2383-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An issue was addressed where BIND does not sufficiently limit the number of fetches performed when processing referrals as well as an issue where a logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c.
e92db49e925089bf66c1739a06cdd557Red Hat Security Advisory 2020-2354-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
15ae8021fd96df0dfb1746fef5b95510Red Hat Security Advisory 2020-2345-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An issue was addressed where BIND does not sufficiently limit the number of fetches performed when processing referrals.
1184c25b0bf931b7f9f86dd4d6f36e7eRed Hat Security Advisory 2020-2344-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An issue was addressed where BIND does not sufficiently limit the number of fetches performed when processing referrals.
d0d173ebdd746f72b192287697bdc301Red Hat Security Advisory 2020-2336-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
5d2cb273c144cc065dffa6f4c7e8801bRed Hat Security Advisory 2020-2338-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
a2e80d58f6aebde69885e7fefe2a3aeeRed Hat Security Advisory 2020-2335-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
94dc2ae5b432b336772822bec529e6b5Red Hat Security Advisory 2020-2334-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
607b4d3ddb74a2f874c8211b7f179b43Red Hat Security Advisory 2020-2295-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and integer overflow vulnerabilities.
3833a7bec9b95f38885612d757a4d717Red Hat Security Advisory 2020-2298-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an integer overflow vulnerability.
3670350c61bcda6ba4d3758af2f9a224Red Hat Security Advisory 2020-2296-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an integer overflow vulnerability.
8d312b0df6cfec0e6337720146dbce57Red Hat Security Advisory 2020-2297-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an integer overflow vulnerability.
9aa0f2b0fe3bfbd7b93ff9ff2ee6c6d3This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.
e3a30f51596b55d810e3f2ed09788c15Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
4bbee1bdd5b88343733590fabfffddf3Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his choice over the RPC protocol. Provided the victim has administrative privileges on the target, the attacker can execute code on the remote target.
9657b7615782fe7083c7fe7350cc206aRed Hat Security Advisory 2020-2070-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network. Issues addressed include a denial of service vulnerability.
4d581f9af9c072fe9c4077fa039eae3eRed Hat Security Advisory 2020-2071-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network. Issues addressed include a denial of service vulnerability.
2b5ac34e1b4a0738ed31ce4aff3f0fc4Red Hat Security Advisory 2020-2069-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network. Issues addressed include a denial of service vulnerability.
93ef46868aa6a8c942dc472ee7af12cbtestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
23f32eb9dee4e088a704a11bd2a2339aRed Hat Security Advisory 2020-1998-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. An issue was addressed where the DTLS client hello contains a random value of all zeroes.
4a83a76e05c1e7e9d4017a440d5453b2The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
2f7be789b8d36ac362490ddbdabe9ec8Red Hat Security Advisory 2020-1845-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
86c3a71f8a3ae1fafce7d4ee58bcd4a1Red Hat Security Advisory 2020-1878-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
e538168e223211505173551f3a20f93eRed Hat Security Advisory 2020-1792-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include buffer overflow and double free vulnerabilities.
18d77e36f531d8ecfa916126fffa8ef4
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed