This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.
This Metasploit module demonstrates that an unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.jms.common.StreamMessageImpl) to the interface to execute code on vulnerable hosts.
A bug in IonMonkey's type inference system when JIT compiling and entering a constructor function via on-stack replacement (OSR) allows the compilation of JITed functions that cause type confusions between arbitrary objects.
This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines in GnuTLS.
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
Fat Free CRM version 0.19.0 suffers from an HTML injection vulnerability.
RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor.
RedTeam Pentesting discovered that the Cisco RV320 router still exposes sensitive diagnostic data without authentication via the device's web interface due to an inadequate fix by the vendor.
RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor.
Ubuntu Security Notice 3923-1 - Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read arbitrary files, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
Red Hat Security Advisory 2019-0672-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.
Red Hat Security Advisory 2019-0671-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.
Joomla ARI Image Slider component version 2.2.0 suffers from cross site request forgery and remote shell upload vulnerabilities.
Razer laptops ship with SPI flash set to full read/write and the Intel CPU is left in ME Manufacturing Mode.
Jettweb Hazir Rent A Car Scripti version 4 suffers from a remote SQL injection vulnerability.
Firefox versions prior to 66.0.1 suffer from an Array.prototype.slice buffer overflow vulnerability.
XooDigital suffers from a remote SQL injection vulnerability.
XooGallery suffers from multiple remote SQL injection vulnerabilities.
Rukovoditel ERP and CRM version 2.4.1 suffers from a cross site scripting vulnerability.
Jettweb Php Hazir ilan Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.
SJS Simple Job Script suffers from cross site scripting and remote SQL injection vulnerabilities.
WordPress WP-Forum plugin version 1.7.8 suffers from a database disclosure vulnerability.
Microsoft Windows Win32k local privilege escalation proof of concept exploit.
WordPress AND-AntiBounce plugin version 1.0.3 suffers from an open redirection vulnerability.
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) when the oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via the RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. Affected versions include EMC NetWorker versions 8.2.x, versions 9.0.x, versions prior to 9.1.1.5, and versions prior to 9.2.1.