This Metasploit module exploits a buffer overflow in the FTPShell client 6.70 (Enterprise edition) allowing remote code execution.
b8f01f84c845398fb04cba37588088d6bbc790b0fc0bdf524f55915dd6be6c52This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.
80bee7aa780edc43040bd1dd427fbdb84bcd1f35f74873b32d619a620e07f20cVMware Security Advisory 2018-0011.1 - Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud.
2bad9b418270a2559edd54ffa4cc799e7eb46bbf04736056ec59270ffddcfd81VMware Security Advisory 2018-0016 - VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities.
90567ad4dad799d75d4c874c4d4d5dd2bde081e9577045670fd3af3cc521c376VMware Security Advisory 2018-0012.1 - VMware vSphere, Workstation and Fusion updates enable Hypervisor- Assisted Guest Mitigations for Speculative Store Bypass issue. The mitigations in this advisory are categorized as Hypervisor- Assisted Guest Mitigations described by VMware Knowledge Base article 54951. KB54951 also covers CVE-2018-3640 mitigations which do not require VMware product updates.
b7454f0cda78e28fc6b7444ae9be5bdd987d9eaf72ed3ac3ad092d94850944f6Microsoft Windows suffers from an ADODB.Record object file overwrite vulnerability. The password for the proof of concept zip is adorecord.
fa5ba9f3b0a03d61eb7be0c60781151047f183df16df52d8cab904fdcd2cc159Ubuntu Security Notice 3686-2 - USN-3686-1 fixed a vulnerability in file. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
af09837fd0ebda01652c7ca1b96410d72ebe7f9252ff54d8a3cb3415cf7964dc28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. Gentoo is still working to determine the exact extent and to regain control of the organization and its repositories.
ce6323bf0a3ebce97d674c732895a9191e58f3c64a0a758f7b0b6840859fed95Debian Linux Security Advisory 4236-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
bc38a7c7dcdcd73bd1df565a0d7810fd50d34a4eb9c6c879d0393737aeb23585Red Hat Security Advisory 2018-2102-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an information exposure vulnerability.
ff3b6ea694d245d64e3ea8a6aa0aba4c1a6fe0ebf8bed80a5e4ce1e85062c7f0Ubuntu Security Notice 3694-1 - It was discovered that NASM incorrectly handled certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use these issues to cause NASM to crash, resulting in a denial of service, or possibly execute arbitrary code.
955d49d6845e15d41ca9f850de8051b0d6f46753cfa31efa5909d4b4598023ecRed Hat Security Advisory 2018-2112-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
c83b51fc510827e3da5f97c2bdaefb75707217c460d8a14d5c67b9cf283e90faRed Hat Security Advisory 2018-2113-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
733eefe7a714bfbb481e79af2fb8c94cc9b1e0409edce093a2e253f22750db8eDebian Linux Security Advisory 4235-1 - Several security issues have been found in the Mozilla Firefox web lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.
8c2683c765b5fe80e5b1bcd8d7cdded23af3f5071accff38512c01785137cb09Apple Security Advisory 2018-06-27-1 - SwiftNIO 1.8.0 is now available and addresses a buffer overflow vulnerability.
4319312a52e9fc53fcae2a76e18afb01692987d3069ab41c613f7ed00fcf4b95
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed