This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.
56021ce239bc4ef2d157567974ec70ffExtreme Networks Aerohive HiveOS versions 11.x and below remote denial of service exploit. An unauthenticated malicious user can trigger a denial of service (DoS) attack when sending specific application layer packets towards the Aerohive NetConfig UI. This proof of concept exploit renders the application unusable for 305 seconds or 5 minutes with a single HTTP request using the action.php5 script calling the CliWindow function thru the _page parameter, denying access to the web server hive user interface.
8bc523d3b61e243e2e55cdddefe4c905Online Clothing Store version 1.0 suffers from a remote SQL injection vulnerability.
ff6487a8ff05ed05abe1c7c229afe958YesWiki cercopitheque version 2020.04.18.1 suffers from a remote SQL injection vulnerability.
8ffa605c3b8536237c57ba523f09defdPisay Online E-Learning System version 1.0 suffers from remote SQL Injection and code execution vulnerabilities.
c0c573cce24cfaa86ad1d9b4c0ba79e7IBM Data Risk Manager (IDRM) contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed by a command injection as the server user, and finally abuse of an insecure default password. This module exploits all three vulnerabilities, giving the attacker a root shell. At the time of disclosure, this is a 0day. Versions 2.0.3 and below are confirmed to be affected, and the latest 2.0.6 is most likely affected too.
3146f36e720ad41b90d484a8f93fd1deSaltstack version 3000.1 suffers from a remote code execution vulnerability.
3d2d2a6913589181fa16c72fa6595c90SimplePHPGal version 0.7 suffers from a remote file inclusion vulnerability.
69eb6230d589074cf1c0543f754f010bPhreeBooks ERP version 5.2.5 suffers from a remote command execution vulnerability.
3eb38b6112cfe92587bb29732357294bOnline Scheduling System version 1.0 suffers from a remote SQL injection vulnerability.
a849e94015acb2832049808370ead33caddressbook version 9.0.0.1 suffers from a remote SQL injection vulnerability.
46f9e67a67921a342beaa2b6469e0931Fishing Reservation System suffers from multiple remote SQL injection vulnerabilities.
2aaa59d78fca12b13c59f0f84e809e13iJoomla AdAgency component version 6.0.9 suffers from a remote SQL injection vulnerability.
30318823aa8bf5f59681179d5513c3c7FlashGet version 1.9.6 remote buffer overflow proof of concept exploit.
78034629a3a69d6e02974c388fd4049bUbuntu Security Notice 4333-2 - USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.
2dbbfbaed601e32e6da1b12707626d46Ubuntu Security Notice 4341-2 - USN-4341-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.
7f4f95a8935362a14eb9d57fe1cd57a0This Metasploit module exploits a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro version 1.2.4.
50bc5cef4f68b32fda9b582ca1462094Ubuntu Security Notice 4341-3 - USN-4341-1 fixed vulnerabilities in Samba. The updated packages for Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes the problem. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.
87e404efb185f6aae61c399f2cacb653Ubuntu Security Notice 4347-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
380e072a308e347bf34eabb33090812chits script version 1.0 suffers from a remote SQL injection vulnerability.
cca4702b603ff9b386579c0fbf4238f2Open-AudIT Professional version 3.3.1 suffers from a remote code execution vulnerability.
f1858718f305636a70afa52eb45eee3aOpen-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.
7ea2efd5fece16f023d6a11fbc170dd9School ERP Pro version 1.0 suffers from a remote code execution vulnerability.
e8c1176525438a945e38eefe3db8e8ecSchool ERP Pro version 1.0 suffers from a remote SQL injection vulnerability.
ede193aee7ab43343b5ef4a91a825d59Ubuntu Security Notice 4341-1 - Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.
2bccbe86ea1f3ad867880a05f786d1ff
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed