This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).
9970ee35481f7a20c300ee03a6bed878Online Student Admission System version 1.0 suffers from remote SQL injection and shell upload vulnerabilities.
7c229a5b9a8e0f3ef87c71a68a2a9b33phpMyAdmin version 4.8.1 remote code execution exploit.
fbe5f0286e41025da8054b2489a24c20Engineers Online Portal version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to n11secur1ty in October of 2021.
69aac892466cdfbbe69f5600c743d5fdBalbooa Joomla Forms Builder version 2.0.6 suffers from a remote SQL injection vulnerability.
385f0773184063e0770d4e424bbaa68aBuild Smart ERP version 21.0817 suffers from a remote SQL injection vulnerability.
38e4219e22f894d3059ef94d52d0748aApache HTTP Server version 2.4.50 remote code execution exploit.
00e3007a5d132ef7e927cc763523a813Engineers Online Portal version 1.0 suffers from a remote shell upload vulnerability.
0b750d8a34a7cb1264a710eafc36a645Ubuntu Security Notice 5121-1 - Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. Various other issues were also addressed.
e580a4cebc05a472a168210820d5451cOnline Course Registration version 1.0 suffers from a blind boolean-based remote SQL injection vulnerability.
9b97a78d2175eb8afde44e9c7ed943efClinic Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for a shell upload.
89d48af5619424e600f5f3f549e39af5SonicWall SMA version 10.2.1.0-17sv suffers from a remote password reset vulnerability.
fc825fd8b67124f85d0945de3adb5652Red Hat Security Advisory 2021-3942-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a use-after-free vulnerability.
319c80d9bc008e3f1933956b4aedbf41Ubuntu Security Notice 5111-2 - USN-5111-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
7500b7c4a02c2f112707a0502a50de50Ubuntu Security Notice 5111-1 - It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
d642b815ed1027cedc528205f2749233Online Motorcycle (Bike) Rental System version 1.0 suffers from a remote SQL injection vulnerability.
7b19436e360e5b2ef26427b96797a3b1Ubuntu Security Notice 5109-1 - It was discovered that nginx incorrectly handled files with certain modification dates. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact.
f3a7d2fb8ecd1f45d342d3994d131223Virus.Win32.Ipamor.c malware suffers from an unauthenticated remote system reboot vulnerability.
2f19f129868bcea8d1756c51f3bece25Engineers Online Portal version 1.0 suffers from remote SQL injection vulnerabilities.
0ffc9687a1009102fe51cfb9fa30ee29Red Hat Security Advisory 2021-3872-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
a43690cd08c3f98691e6365feb793e65Red Hat Security Advisory 2021-3871-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
dce38a2c46b9fe4613dc07e9302afd66IFSC Code Finder Project version 1.0 suffers from a remote SQL injection vulnerability.
c1f94e7de16c295c0c0e95d1a45fe558TextPattern CMS version 4.8.7 suffers from an authenticated remote shell upload vulnerability.
a48c73645293b99b6fbcfeb552bf7cc4Simple Payroll System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
216367c07b58ea8e258e33f401324cedSimple Issue Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9ca937bb43f720def1537a3345212cf1
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed