Gentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.
8df860a16344eea891017b2ab32a71efeNdonesia Portal version 8.7 suffers from remote SQL injection and iframe injection vulnerabilities.
b099a2b684a207b7fd0c44f79a71a037Netartmedia PHP Mall version 4.1 suffers from a remote SQL injection vulnerability.
137db9a66101e3096824f22d24d3c15cNetartmedia Event Portal version 2.0 suffers from a remote SQL injection vulnerability.
7376fb572e9d675521a6918563b56747Netartmedia Real Estate Portal version 5.0 suffers from a remote SQL injection vulnerability.
3c11212afdb861fe4e2d3cc0f8e1218bUbuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
d6332636e5ade7508bf28fbcac3c59ccRed Hat Security Advisory 2019-0590-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
9ced9e836d867662811d99f22eea78e8TheCarProject version 2 suffers from a remote SQL injection vulnerability.
4798d80d4bad5e0537cc5cd98a477adfPHP MySQLi Database Class version 2.9.2 which is from joshcam suffers from a remote SQL injection vulnerability.
91d10b8a3c32ac8a868953e610dcaa2fThis Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.
3ba74c7641d287a5a1d6cee6bdb0eff5This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a domain controller, it can be used to escalate from a normal domain user to domain admin as SYSTEM on a DC is DA. **WARNING** The windows version of this exploit uses powershell to execute the payload. The powershell version tends to timeout on the first run so it may take multiple tries.
07522a05b37456d4fcb66eb0e429685aMoodle version 3.4.1 remote code execution exploit.
bd02c3aeef707232a71ffa986a5773f5ICE HRM version 23.0 suffers from remote SQL injection and iframe injection vulnerabilities.
88f32bcf40b75d3ec675f719b69058c2Laundry CMS suffers from remote SQL injection and iframe injection vulnerabilities.
91203e9cc32fd60108329b5447497452Apache UNO with LibreOffice version 6.1.2 and OpenOffice version 4.1.6 API remote code execution exploit.
c108a620394311b96490df6e51bc7967Red Hat Security Advisory 2019-0564-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
948448d2cd42a869cd6d18a8e33317e0Gentoo Linux Security Advisory 201903-11 - A vulnerability was discovered in XRootD which could lead to the remote execution of code. Versions less than 4.8.3 are affected.
4241df9594cdfa9173b4a193db98e5b1FTPGetter Standard version 5.97.0.177 suffers from a remote code execution vulnerability.
c1f2598ede851e2d8bd34a3937a8b1dbUbuntu Security Notice 3902-2 - USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
65357e37cae18068e3e84434235d1e1fThis Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the exiftran utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have exiftran installed and in the PATH. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20, and 2.1.16 on Ubuntu.
3664569f65ef2128717bd5e02f29d7b4Ubuntu Security Notice 3906-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
56e847616d505958b3eb0f59eaea2e67BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote WebDAV or SMB share. Version 2.8.0 is affected.
7aee5a2862d6abbe08b84cd641d5b068Gentoo Linux Security Advisory 201903-6 - Multiple vulnerabilities have been discovered in rdesktop, the worst of which could result in the remote execution of arbitrary code. Versions less than 1.8.4 are affected.
bd29d49587b4aa9a06f853c5a4f16d28Debian Linux Security Advisory 4405-1 - Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution.
dd68b6adb0b142371c9fa559b22fea4aPRTG Network Monitor version 18.2.38 authenticated remote code execution exploit.
2b06f9eabbc967f98e8aa874f74fd388
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed