This Metasploit module exploits untrusted serialized data processed by the WAS DMGR Server and Cells in the IBM Websphere Application Server. NOTE: There is a required 2 minute timeout between attempts as the neighbor being added must be reset.
d14349b52cf05132e8f24d0e110d19689f3c134c45ec1858138c26ddd28c5d23This Metasploit module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed to the popen function in capture.inc.php, which can result in execution of arbitrary code. This module requires authentication to LibreNMS first.
8fd9521e1c38f9ad21b8611a1a79a4fa7ccda2ca71da5acfd86ca9767c9411aeGoogle Chrome suffers from a use-after-free vulnerability in WasmMemoryObject::Grow.
ce09e1e77f3fdcbdae98ac08c289eb87a96ddd4ad1aa801fcfe91a8507bb8221Logitech R700 Laser Presentation Remote suffers from a keystroke injection vulnerability.
6a4c155c598e5dd5c41d5ef25f9ed7fe98bd2d4dbd53076fd0c72ba4e109a6e9Inateck 2.4 GHz Wearable Wireless Presenter WP2002 suffers from a keystroke injection vulnerability.
ddfc5bd9422c9cfe8a75e29e8c97e871d0d3c6b22c85506d8f0b85ca5faf737dInateck 2.4 GHz Wireless Presenter WP1001 suffers from a keystroke injection vulnerability.
687416a505e7bc914fa93eb6f94e5c837f93d29e47c54bbe676761a24f78549cUbuntu Security Notice 4004-2 - USN-4004-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information. Various other issues were also addressed.
17c59d9cbee46e1add5277d01a142f77905a09ea0c9e46961156d316f8eba951Ubuntu Security Notice 4004-1 - It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information.
2052c41e3ec6709ceb4661f12b785414ecc22fba7a97aee9e191bc77daafe70dRed Hat Security Advisory 2019-1352-01 - The etcd packages provide a highly available key-value store for shared configuration. An improper authentication vulnerability was addressed.
27e8b6a282e53e9ccfe93c516b662721ff77aa483599cc1fe1327f241578baf6Red Hat Security Advisory 2019-1350-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a null pointer vulnerability.
fd3b884dba6ba92ffef7adda18ddf45a473e174e58343b4b581b1c514c9cb1e7Red Hat Security Advisory 2019-1329-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a sandbox escape vulnerability.
5a9f47866c29752e20594731fc1b6a6836ba2607b27e0026288f18f7e9efa8dcRed Hat Security Advisory 2019-1326-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Security fix:. Issues addressed include a deserialization vulnerability.
e5a284514f7cd22a9b852dad2e2db220ad553689f198b4614de0aee6cd13c785Red Hat Security Advisory 2019-1322-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include an insufficient input validation flaw in bus_process_object() resulting in a PID 1 crash.
93545224c2126876d216d5b77052cf95381d50e11282c0d8e8802fb9d18ef31eRed Hat Security Advisory 2019-1325-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35.
e16683958229fb0b1678eb8fbe891fdf0b7432c12f3a507f2b8837c20f4f5bf2Zoho ManageEngine ServiceDesk Plus version 9.3 suffers from multiple cross site scripting vulnerabilities.
128bee17a178f4f2e56018916723f3d34a563f6f547baf76023c9425a6b57d72IceWarp versions 10.4.4 and below suffer from a local file inclusion vulnerability.
dae303ea612781f1383b6bcf7a6084d95619a0691cd54e27b228b6bd3f359a5eDVD X Player version 5.5 Pro suffers from a local buffer overflow vulnerability.
025358a4ff28df7e6401821b90e6962f2406b70bbc38f1a90b7b40ea467f4502This whitepaper provides a thorough analysis of CVE-2019-0708, also known as BlueKeep.
0e4b49027a72239ada9ccc371209073e93656e51aaf9e53c845dbecfdb34bc84Cisco RV130W version 1.0.3.44 suffers from a remote stack overflow vulnerability.
cf50c981afbcb668852b8ad19be0b75d28bef6b28174ce3ce8eb6a47cb7bcc94Whitepaper called A Debugging Primer with CVE-2019-0708.
8a490bd9b4cf02bf2322a6a12134e78c3fba950413a6f733e2fa24d02ea83729NUUO NVRMini 2 version 3.9.1 suffers from an sscanf stack overflow vulnerability.
be473cbd1adc1b33f150970f88fdcbab738c3a4caaa2fca93d98adb64883cc1a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed