This Metasploit module exploits a command injection vulnerability in Metasploit Framework's msfvenom payload generator when using a crafted APK file as an Android payload template. Affected versions include Metasploit Framework versions 6.0.11 and below and Metasploit Pro versions 4.18.0 and below.
47170fa2c6f60c3fc00bcf7d141f9846d5a4832fd8d4f861bb23346abf01ef02
The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allow remote attackers to upload and execute arbitrary PHP code because the plugin renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory.
cb75a4b68804743f507bff751860e4857ae4e6e2dc885932118f534da8b0dce9
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between Snort, OSSEC and strace.
f28d766475ba7b1c153f28df3622935d15c8fc93026e2465daa9a950156628aa
Red Hat Security Advisory 2020-5054-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
f92551824b5d626a1e18cfcdbb044ba22c3711db05bb35dddb1a37d9fa41ce0f
Red Hat Security Advisory 2020-5056-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.
665ed5d98c9957e15d97945672e8f8f56a65b8382a21f1d0f5f7eee78d24bcb6
Red Hat Security Advisory 2020-5055-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
2a8eee492b4b82b510d75ca3fea6d2035132dc887c1b2ae216ff3335fa1c26f8
Ubuntu Security Notice 4624-1 - It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviours, or execute arbitrary code.
bbdedad92c5f49abf4ec712372a7579c609942a31ff4253159b2e40d800c11b9
Red Hat Security Advisory 2020-5010-01 - Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Issues addressed include a denial of service vulnerability.
f350f73aae4e8c70ebc1718230bfcf9f7db05549fc27b6302c1ca74b3bbaa786
Anuko Time Tracker version 1.19.23.5325 suffers from a CSV formula injection vulnerability.
105e68c3d2a19035a692811e21172ba5e0ebdeec62831e1ee2d05accada9ad58
Red Hat Security Advisory 2020-5012-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.
85ff30fb487a0a6d9b0d6405bfe606b3694384cb3fd24b2e4d6d0cf405acb87c
Red Hat Security Advisory 2020-5004-01 - The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability environment. Issues addressed include a CRLF injection vulnerability.
453fcb09a5f16da256701b2dda3589e540b018eb409e7ce78c39b210542b206a
Red Hat Security Advisory 2020-5003-01 - The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Issues addressed include a CRLF injection vulnerability.
3a82297fdf138055633b735dafe4562ca8ced8cea32bb001465a4ae5dd9fc377
Red Hat Security Advisory 2020-5050-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
623c6e812db6e3332f8bb6b53494465e0817a3212578d85d6da7baf00a7cd4a8
Red Hat Security Advisory 2020-5023-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
19732bba2fcf4903aa3358bb1d0e9b5ccff9c94d14037fb0bb5daf1aae803c57
Red Hat Security Advisory 2020-5040-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a double free vulnerability.
092f943a786403ecdd500537ccfa76a673d08d087081069996a71e0da3f031fc
Red Hat Security Advisory 2020-5021-01 - The qt packages contain a software toolkit that simplifies the task of writing and maintaining Graphical User Interface applications for the X Window System. Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Issues addressed include a buffer over-read vulnerability.
d6335f524240749d77e4a2a8f198ad08e90d464e1ec9627f73e52e4e195b3914
Red Hat Security Advisory 2020-5026-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
6b053ed4d04629c659e026273dffab5521a8cdbad0b4b8e7cdf9c89d4bdd8c2f
ShoreTel Conferencing version 19.46.1802.0 suffers from a cross-site scripting vulnerability.
df622ff6658508f23c86cc7c02cc486c8f440ad740ecd4af686fba474a2981ea
Red Hat Security Advisory 2020-5002-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
15cbbb287106b726201c238c50fb000d4965ed0789c4f1f77edd3a6c0aa95f80
Red Hat Security Advisory 2020-5011-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
aaf648a3da7817299ff297522b94b3967620cc6d46bede90ffb091bef1c78a17
Red Hat Security Advisory 2020-5020-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include an HTTP request smuggling vulnerability.
7ec0216636921bc74503b64c483f37f3b81462c1fea8530c0042df557b9fbe89
Red Hat Security Advisory 2020-5009-01 - Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.
82e2d38d84579540e95319c3672421ee2c2fb4cc1cc9eaaab013aa93b3236ac2
Red Hat Security Advisory 2020-4999-01 - The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol. Issues addressed include a buffer overflow vulnerability.
5b9c4c2c96b588f72a4367b7338f9123b293546c7f814eaf7123d3c767e12aaf
Red Hat Security Advisory 2020-4992-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
427c349502093041505d7cf083ba266acd7af71b03733c28a2e759898ef1f7b2
Red Hat Security Advisory 2020-4991-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.
36e5f3eaac42575f4136edc475d74185d6e90f76555788b825efb4cd93ae1876