It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to exploits/linux/misc/ueb9_bpserverd; however, it runs against localhost by dropping a Python script on the local file system. Unitrends stopped bpserverd from listening remotely in version 10.
78074b1701e40ea4ef9e046d50ffaa646aa27cf4177d6b17c6371f5f32a674b7
Ubuntu Security Notice 3830-1 - USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.
166b04353de713beab9d08eea9a06f119e07b1b80978dd2605262a24dc29f7b6
Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed PostScript file is processed (despite the -dSAFER sandbox being enabled).
31d5f9ccd80e2ae52f634417dc51d4efec799681af5b520ee3732b3908bb345d
FreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server.
10bcc1748ee3a9d625fa8d7384fa8357ec3df2199059cc67ec2a7fe57ef95a19
Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps AJAX calls, dynamically inserted scripts, WebSocket calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses PhantomJS to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.
dd46625edf20ec566996b733efec4fa6ab1a394f429074cafd338ed82f2fc1bc
WordPress SEO (Yoast SEO) plugin versions 9.1 and below suffer from a race condition that allows for command execution.
beccb25cd34b5598b3344e89b272941af76a9232a6505aae0681dadb27a5eb65
SonarSource SonarQube versions 7.3 and below suffer from an information disclosure vulnerability.
181609b1236e0b843500d4b4daa0c9bbe9a1ffa24780b31dc2fd2c271679e4c6
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.
8a6363eac36d1c77af2c188b62cc8afc4fb79e8cc7205275d6c75b242a765b2a
Avahi-daemon in Avahi versions through 0.7 inadvertently sends Legacy Unicast Responses to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
59a83fca87a2b35f897b8738a94296f531af9928d8dc72e40d1758d19aaf1931
Debian Linux Security Advisory 4345-1 - Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix.
8e8662ce6c65cf8afbe1105d2a8bdc36b597add5ac00992a1699de767fa80143
An impersonation issue in BMC Remedy version 7.1 may lead to incorrect user context in Remedy AR System Server.
4659f997bc1698d42873571e28a10042883a121365755c51b48eb3ab904253c4
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.
75dbb38b248d52be321de6e1340065eac23ecbb902931e83075eb886bfa9a0bb
The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian-based systems, including Ubuntu, rsh is mapped to the ssh binary. SSH's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom applications may use imap_open, this exploit works against the following applications: e107 v2, PrestaShop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use. PrestaShop exploitation requires the admin URI and administrator credentials. SuiteCRM/e107/HostCMS require administrator credentials.
5db80502619550a84a9d8068ff710ec5534f3d8a3239b812c7c114f85cc7972a
This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user namespaces enabled and the newuidmap and newgidmap helpers installed (from uidmap package). This Metasploit module has been tested successfully on: Fedora Workstation 28 kernel 4.16.3-301.fc28.x86_64; Kubuntu 18.04 LTS kernel 4.15.0-20-generic (x86_64); Linux Mint 19 kernel 4.15.0-20-generic (x86_64); Ubuntu Linux 18.04.1 LTS kernel 4.15.0-20-generic (x86_64).
c991b79ae898a222baf512ec75bc5ae786505466b71b6453fd873f6b5482343c
This Metasploit module exploits a vulnerability in libxpc on macOS versions 10.13.3 and below. The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to communicate with launchd. This port is inherited across forks: child processes will use the same bootstrap port as the parent. By overwriting the bootstrap port and forking a child process, we can gain a MitM position between our child and launchd. To gain root we target the sudo binary and intercept its communication with opendirectoryd, which is used by sudo to verify credentials. We modify the replies from opendirectoryd to make it look like our password was valid.
d81c090e142679481756278a6bfdf34affd2552062d989fcb8bd5743ab2960b1
This Metasploit module allows remote code execution on TeamCity Agents configured to use bidirectional communication via XML-RPC. In bidirectional mode the TeamCity server pushes build commands to the Build Agents over port TCP/9090 without requiring authentication. Up until version 10 this was the default configuration. This Metasploit module supports TeamCity agents from version 6.0 onwards.
ffd2452cfe0fe12ebc398f9f6cfab3dbddb89ea510ff981650c645bb1237db0f
Ubuntu Security Notice 3829-1 - It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
0340a7e54640e1c20b59cb7982cd154569a02864421fcde9d8908cbd8a8e24a7
Ubuntu Security Notice 3827-2 - USN-3827-1 fixed a vulnerability in samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. Various other issues were also addressed.
7db0d77361d81832ac500d6926d20bd91a314d5e196908f013fdb41d3ea16986
Ubuntu Security Notice 3816-3 - USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. Various other issues were also addressed.
cb9b05c78f4e62578d79c6d74bb3b6230e89ffde7e11bd266932cddb628c5b23
Ubuntu Security Notice 3828-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
f8544edc8b1f4d249bcc6d8a6cef14a1aaf8d60bcc4f9a4e10769d1234806261