Widget Connector Macro is a part of Atlassian Confluence Server and Data Center that allows embedding online videos, slideshows, photostreams and more directly into a page. A _template parameter can be used to inject remote Java code into a Velocity template and gain code execution. Authentication is not required to exploit this vulnerability. By default, a Java payload is used because it is cross-platform, but you can also specify which native payload you want (Linux or Windows). Confluence versions before 6.6.12, from 6.7.0 before 6.12.3, from 6.13.0 before 6.13.3, and from 6.14.0 before 6.14.2 are affected.
f4c247f9a9679d32c545b710244463bf290d04f611d0ecce6a6427fde7c101ef
Ubuntu Security Notice 3950-1 - It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.
5fb5e38bcebcd5886bfe640b23b9a72b51a271df222d4ca60853a577cc65e6f7
Netwide Assembler (NASM) version 2.14rc15 null pointer dereference proof of concept exploit.
ff620ab5ba2592c8b398b205c5304425b2dc0cefbfddb320a4cc1c881ace45ea
This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the PostgreSQL structure. The payload is written over a file with the ".vbs" extension that ManageEngine, which runs with "system" authority, uses for monitoring. In addition, the module dumps the users and passwords from the database. After the harmful ".vbs" file is written, the shell session may take some time to arrive.
95106466679de2024b9e4469f4bb9b8acabf974bb4ab6e9e3cbc9623f7471fd4
Evernote version 4.9 suffers from a path traversal that can allow for code execution.
b08c7a210842b3ac5ca0df6b59fe9b17d6c7def80cc11bf9635441acb2c7e805
Released 2019/04/18 by the United States Justice Department, this is the Report On The Investigation Into Russian Interference In The 2016 Presidential Election. This is the redacted version.
5c935e422d05d47906729ef7caf3b86f48acddacce16f57440f0d2541b9de70b
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68
Slackware Security Advisory - New libpng packages are available for Slackware 14.2 and -current to fix security issues.
b4b4ff26daa8f526e4c76b925e9cc0e3c2f76e411f39dbcfe285ebe048d92080