GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to remote code execution exploit.
7d48adbe7385fbb2fa16170c86231d41glFTPd version 2.11a remote denial of service exploit.
04295a11c4a07b213d22cabfafda8897This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios versions XI 5.3.0 and 5.7.5, both running on CentOS 7.
91ac1437912ce19fca5580399b1f6625Red Hat Security Advisory 2021-1213-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
f6142e68f1df84df908f4d4a87b6faa3Red Hat Security Advisory 2021-1214-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
b0946864ece1ccc1be34e647b1488d32Red Hat Security Advisory 2021-1197-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
e9e03e4b0233fd765faa0bcd5a79ec44Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the Horde_Text_Filter library.
dd1588866001ae370f23e0d6ec8d2f71CITSmart ITSM version 9.1.2.27 suffers from a remote time-based blind SQL injection vulnerability.
3d24d2282ef6f774e3ec4558ad1409d1Genexis PLATINUM 4410 version 2.1 P4410-V2-1.28 suffers from a remote command execution vulnerability.
43aeccc4d2fcad984b051b4cdbb1583fDigital Crime Report Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0caf2f815b9b8bcfabd56d4dce51e40cUbuntu Security Notice 4906-1 - It was discovered that Nettle incorrectly handled signature verification. A remote attacker could use this issue to cause Nettle to crash, resulting in a denial of service, or possibly force invalid signatures.
c2e4fcc4e7b04575de37436facddec21Blitar Tourism version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
03d4e059484374b7780a14a295e4a837Chrome V8 Javascript Engine remote code execution zero day exploit. Google is expected to release an update to their browser on tuesday 04/14/2021 that will address this vulnerability.
a76d90d5f2c12f9efc441081adf2aabeSimple Student Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
bfec25b7957828dbd5331e19f7c20a6fNative Church Website version 1.0 suffers from a remote shell upload vulnerability.
dee64438c491f2610eabc5f7febbf30bUbuntu Security Notice 4899-2 - USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 14.04 ESM. Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.
baaca2f9e7d6c1f8404929e19baf3d8dvsftpd version 2.3.4 backdoor remote command execution exploit.
accb8a13d15982d8cbc9b5a4c1df898dPrestaShop version 1.7.6.7 suffers from a remote blind SQL injection vulnerability.
c954154779fef04ad61ce904511a42b9Ubuntu Security Notice 4896-2 - USN-4896-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting attacks. Various other issues were also addressed.
e4f2f008e2cdcc1460a0b818e3b91206Linux kernel version 5.4 BleedingTooth bluetooth zero-click proof of concept remote code execution exploit.
11e39065cefe8b6ef7461c14faa79210Composr version 10.0.36 suffers from a remote shell upload vulnerability.
735eb24f76261ce2e85c105910c3e39cThis Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gogs. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gogs web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. No mitigation has been implemented so far (latest stable version is 0.12.3). This module has been tested successfully against version 0.12.3 on docker. Windows version could not be tested since the git hook feature seems to be broken.
b94ad9d4b20219eb61069ef797cbb9b2This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gitea web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. It has been mitigated in version 1.13.0 by setting the Gitea DISABLE_GIT_HOOKS configuration setting to true by default. This disables this feature and prevents all users (including admin) from creating custom git hooks. This module has been tested successfully against docker versions 1.12.5, 1.12.6 and 1.13.6 with DISABLE_GIT_HOOKS set to false, and on version 1.12.6 on Windows.
4cb5b6740800ce4b96147b406421ff7bIgnition versions prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel versions prior to 8.4.2.
f2749663416c9f45e752a3213c8cb2d6Ubuntu Security Notice 4903-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information.
dbdf4b4dd72c03617d13968ae01c2494
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed