Ubuntu Security Notice 4043-1 - It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. Gavin Wahl discovered that Django incorrectly handled certain requests. An attacker could possibly use this issue to bypass credentials and access the administrator interface. Various other issues were also addressed.
9d727ca527dbc3931a26a95f493eb01a514019c9b6b3aa5f02a0adbe357ecec5
This archive contains all of the 110 exploits added to Packet Storm in June, 2019.
6377714e2025561461a06f0bce98b77779ff55f28b338584340fbc9448c205b5
FaceSentry Access Control System version 6.4.8 credentials used for accessing the web front end are stored unencrypted on the device in /faceGuard/database/FaceSentryWeb.sqlite.
ec3726699902d65949f66d03e83b3f866a62dd98322314d5bf41d5bbc0981bdf
REDDOXX Appliance versions 2032-SP2 up to hotfix 51 suffer from an information disclosure vulnerability.
01cfc1c19f76e8f4ee2aac22e07f738a30f32136b6ecd7a48dfa623f47dbd4f5
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
f9fdd1c5be1b9f4c945c01aca6e986088e8d7e7349013198a9f957724c7995c0
FaceSentry Access Control System version 6.4.8 suffers from a cleartext transmission of sensitive information. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.
321b7d7377b28d3b45492a989c752ae4fca3b6fbd121f8d2c5174424bc4142a6
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. The GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, the GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. The GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allow analysts to schedule actions on clients and view and process collected data.
e906baf1c7879423f0ff70cf0dd4c9889713b388be02af87e640696f9a722d0a
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
2a7b969cb39d0f5446a972fa2535c7a2b87ef447acdef9e2716458d7ab6a962f
SquirrelMail version 1.4.22 suffers from a cross site scripting vulnerability.
e0fade0e7c5216f5956fdcd3b89294dead81e66b576a08326b496cc18d4bc0f4
FaceSentry Access Control System version 6.4.8 is vulnerable to multiple cross site scripting vulnerabilities. This issue is due to the application's failure to properly sanitize user-supplied input through the 'msg' parameter (GET) in the pluginInstall.php script. An attacker may leverage any of the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing, as well as other attacks.
60046411726678f999fba5686bdb62e4a2852fb07805f244683d744972764b74
FaceSentry Access Control System version 6.4.8 facial biometric access control appliance ships with hard-coded and weak credentials for SSH access on port 23445 using the credentials wwwuser:123456. The root privilege escalation is done by abusing the insecure sudoers entry file.
03b3a5fbba02de8c2a6eb8d47447233de7577153889b5d519b2fa614888548ff
CyberPanel version 1.8.4 suffers from a cross site request forgery vulnerability.
a3cb05bc4aba4e01e0c62abab0b296b88d1b50e4ee4ac8fe1033494e5b0c3384
8 bytes small Linux/ARM64 jump back shellcode + execve("/bin/sh", NULL, NULL) shellcode.
07787fdc530f60529932f28be8712d2d2e1698f889edc55fcddcc346114189b8
FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in the pingTest PHP script.
7a3abbb69e71f4b2ad4bed9168fdb0b732576793139ab141b74613a6a5b92caf
This Metasploit module exploits a vulnerability within the "ghelp", "help" and "man" URI handlers within Linux Mint's "ubuntu-system-adjustments" package. Invoking any one of the URI handlers will call the python script "/usr/local/bin/yelp" with the contents of the supplied URI handler as its argument. The script will then search for the strings "gnome-help" or "ubuntu-help" and if it doesn't find either of them it'll then execute os.system("/usr/bin/yelp %s" % args). User interaction is required to exploit this vulnerability. Versions 18.3 through 19.1 are affected.
3f28bb3a6ac2c99bd902cd75cd3f049768c02b4004a667d25b6b743824daf03e
This Metasploit module exploits a command injection in TimeMachine on macOS <= 10.14.3 in order to run a payload as root. The tmdiagnose binary on OSX <= 10.14.3 suffers from a command injection vulnerability that can be exploited by creating a specially crafted disk label. The tmdiagnose binary uses awk to list every mounted volume, and composes shell commands based on the volume labels. By creating a volume label with the backtick character, we can have our own binary executed with root privileges.
7eb0567032fbb9cfa6bb44edac50bb3c598c094fd089f1288cc6d474ba8add57
The FaceSentry Access Control System version 6.4.8 application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
ea743d36d8f4b8d7c6dfc1c9d56c656f30e74bf009e1b21c169bd42fd675e147
Carpool Web App version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
59a259c25163c286ef0a6754b85718a9de6eee039a19ad87f2df3e49ef31b76b
EA Origin versions prior to 10.5.36 suffer from a remote code execution vulnerability via template injection leveraging cross site scripting.
af9879f10c02113c3080a33818943c5f3c89e87d4eba8a417c9abf033be8d53d
FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' and 'strInPort' parameters (POST) in the pingTest and tcpPortTest PHP scripts.
c1cd06426b17582915040a36f41297c181b641f416cdceedc28e43ff705b2e8b
Premier Ilan Scripti version 1 suffers from a remote SQL injection vulnerability.
27710df25930141ca0295d48ecae058c8ef71e6208669d950feb9530b9dbe2bf
48 bytes small Linux/ARM64 execve("/bin/sh", ["/bin/sh"], NULL) shellcode.
e3fd7c63b9f7839378f011378841e48d85f48709e015f69f550359fcc40e77d9
140 bytes small Linux/ARM64 reverse (::1:4444/TCP) shell (/bin/sh) + IPv6 shellcode.
7770ba1b346fac7e2ceadaf196f00aa6980cbacde25df0d35368e707d3f85bb4
Slackware Security Advisory - New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
2d42e79aec2ebce9863c69ac184fe0449e35a3c115c910fb3089cacb7fa15cb2
Varient version 1.6.1 suffers from a remote SQL injection vulnerability.
5569ec4cd91d6934bfb9c700d7ce26cfb68403c7e297e094c7a471748152096b