This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and successful exploitation of this vulnerability yields remote code execution as root on the remote system.
078f133f8a5eb45e3921bb8de3c7d640fa15b03306907ebf439e915e4be64e2aAn unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target.
3729c358cb302e4f78e19a3ad5a83bfe54ed6e185ea35041abb6038c065373daOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via an fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the activity nor does it validate the given URL.
e54f0aa32e54c06b14955e19264b2f743bd0ebfed0a629f5cc6a8d1038c27426Visitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability.
a2c9a67834ae7b5586ab0924c27409536188445292536240d0435a2a049b9826Visitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability.
ab71e9e2d73f91afd6433dee7ea244f66a2b959b00c6468e3921bccb4fff8517Seat Reservation System version 1.0 suffers from an unauthenticated remote SQL injection vulnerability.
cb1c652d4ae15d8448990bede6751ce07de7adb24b5262b41a248c1d481c164fGoogle's osconfig agent was vulnerable to local privilege escalation due to relying on a predictable path inside the /tmp directory. An unprivileged malicious process could abuse this flaw to win a race condition and take over the files managed by the high privileged agent process and thus execute arbitrary commands as the root user (full capabilities). Exploitation was possible only during an osconfig recipe being deployed.
1cc92e5ebabd438a79296409a717f268826979019ed2cd8fa31fe695998e710eUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
1a7e92d97a7c1f613cf335722fd6cd7fd55d3095b3d4c383000f1cffd8a1ec21Red Hat Security Advisory 2020-3810-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
c592335a6070d33fd9d693d07348a7b69a1daae7665d8fe47a78932f56c38be2Ubuntu Security Notice 4531-1 - It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications.
70f1cf96b918f1bc0dfeb98060d8972adab7ffbc5d8ce11ec4520cf66fbd7054Ubuntu Security Notice 4529-1 - It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. Various other issues were also addressed.
517e21ba1bcf069a01673d3c7c360d3a1790df57efe1dd0f4d22496b08df865dUbuntu Security Notice 4528-1 - Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to perform an HTTP header injection attack. Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remote attacker could possibly use this issue to cause Ceph to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
1f8ff8e5a19c6a860564579db5b280092ff21ca26f8f1cdd7b29616059e8da49Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
d6f38e216c1e79df65073c477e0b9f6950a67b9786832a4007ce8a159d249021Red Hat Security Advisory 2020-3804-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
90844f0cf711442a43c5aca4e826ffb0bd2a94bedeed4f1b0e81a1b1ab6217c7Red Hat Security Advisory 2020-3783-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling.
424d1b2c893b99ef926d3bdf4105791bc5744129dcfb09980ecb990214f480e9Ubuntu Security Notice 4526-1 - It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
d6b7f712a559eed0e624ddf1f8561e5e7fec8f15c9791d5ccd1cf54257e0a7d1Ubuntu Security Notice 4527-1 - It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
2430b3c99e99151b0e6829325b42b1cab196a3854ee7fd01a6d240819db32636Ubuntu Security Notice 4525-1 - It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
b66ee2d07baadb698741d0836d4e3ef0cf5a42260e045fa44b56a517a3e5389dFlatpress Add Blog version 1.0.3 suffers from a persistent cross site scripting vulnerability.
b05ba3a8a8edfeb2bc69bce1cc9b801363648b1c925575a4dffaf8545342a5f4Comodo Unified Threat Management Web Console version 2.7.0 suffers from a remote code execution vulnerability.
9617889b3c5b47d64d52c894091ea3203bd6dca9735e04a1f9c006cf42fe2db7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed