This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This Metasploit module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This Metasploit module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).
b57db71ccf98d02c8a379232fc9a6d979e01cb2fa202952f06f55019b37e8722WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
876e35305620fc31c8d2c65c203d9b3764e3c9d842428decfbf08fdaeaf1bd41Apple Security Advisory 2018-9-17-3 - tvOS 12 is now available and addresses interception issues.
420ff5219701ebce879fde0b3d90e42c8553a761f22e27272df9fd92641948dfApple Security Advisory 2018-9-17-2 - watchOS 5 is now available and addresses validation issues.
8d2a517d95f6bd4e577c084b95152cbe4ff39acb8e458c103150e0a0255cab78Apple Security Advisory 2018-9-17-5 - Apple Support 2.4 for iOS is now available and addresses a data interception issue.
d7eb334b8db8b9f785ee15a0a7f48bd73e0aa7ed5fc1f1604344776046820156Apple Security Advisory 2018-9-17-4 - Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.
7b0493b95cb6b9aa19eaf249f0ba052a0be69a3c31cc656dfde85dd414104f89Red Hat Security Advisory 2018-2715-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.
3698c6f413b5b58d8e8194bbbf419e38df3811d406eac6aa127d29a08f1f004dRed Hat Security Advisory 2018-2714-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.
842f3cd94f5e21ca8717710a120b344f86bd97e45ba420c50f70113dde8d66b8Red Hat Security Advisory 2018-2710-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.
712a4be54329d9fcc1577015595a73af373682ad9e043dc337453712f433ea8fRed Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
16c2056d090785be8a94fc1a5ad4fcf383eef85c7a47bbb4b6f442c4d6911e12Red Hat Security Advisory 2018-2712-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.
c8a03a3a1708949badb7bfd4cd2fbbefbe52f94fd0a925b5c38d1b9cccdc80efDebian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.
5d3485e58aed10ea74809fdebbda1ff43b8d5d7612ae0a1b4170ddacd18b3b58Rollup 18 for Microsoft Exchange Server 2010 SP3 suffers from a server-side request forgery vulnerability.
21c4cf2557cdae57096b76c2fb41d1b4ed8b3452e40921277e40d601c4b580daQBee MultiSensor Camera versions through 4.16.4 suffer from a cookie reuse vulnerability. Swisscom Home App products are also affected.
395cd48b4a5259628c5c2ef65d18f9ea29602caac6159d66264f973c1064f529Microsoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.
4e5a6b1c1ad36809123bcb9eced0fa48ac450dae86ec04c8b0efbd7b86c77fd8Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.
78f38be2f2306af460f7ceb3b4272fa71d5e515678096e5f3e5ef2769afdf332
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed