This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 through 8.0.7 inclusive. The exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, who can achieve remote code execution as SYSTEM on a Windows installation and as root on Linux. The vulnerability was discovered and exploited at Pwn2Own Miami 2020 by the Flashback team (Pedro Ribeiro and Radek Domanski).
9d49478c9a416ef64a062b712cd22c68e5b37e2e0f0dbc80fc3655a1c2e3d686
iOS and macOS suffered from a Wi-Fi proximity kernel double-free vulnerability in AWDL BSS Steering.
185ed329e279974bff794995bb28d911a3d0487fe537cf5e9f91c71beea77fb6
Red Hat Security Advisory 2020-2755-01 - libnghttp2 is a C library implementing version 2 of the Hypertext Transfer Protocol (HTTP/2). Issues addressed include a denial of service vulnerability.
d11adf3d805faf3dbef817e9ef58c4c6f4cd13bf9ad3634b2d52a78080852383
This Metasploit module exploits a cross site request forgery vulnerability in Online Student Enrollment System version 1.0 to perform a shell upload.
b6366584b46649d37ada0b665f649825e40650ad568620f751b7363d7e66995e
FHEM version 6.0 suffers from a local file inclusion vulnerability.
5160e3d33cbb28402cdd7c05ddca7fa56063505199fb9e026f19326dc0072f10
Whitepaper called Exploit Command Injection Router via reverse firmware technique.
52e2f44996fd104e80355da0a4c50a392a577914c8465b2dd09f44548afeaad0
This is a proof of concept exploit that takes advantage of a privilege escalation vulnerability in the Windows Print Spooler.
10cd5282101291a6752965e7e18cbc4e13658d0643547dbb3204e8fd764b8c3a
ASUS Aura Sync version 1.07.71 ene.sys privilege escalation kernel exploit.
e7ab712703b5aec8283763947cace886385e933263c2aec57c840e86c46387e6
Red Hat Security Advisory 2020-2751-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.7.0 serves as a replacement for Red Hat AMQ Broker 7.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
86afa8e16589220829347dd236016a327498a1d6af106f5931992adf9a788c30
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create or overwrite files in arbitrary locations with system-level privileges. The attack consists of sending a specially crafted IPC request to TCP port 62522 on the loopback interface, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. The service then launches the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is planted at the location vpndownloader will be copied to, yielding code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
b6d44c2b494378ff342fef57be9d4be4564327103eadabb01ff166ae6dae9bff
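The AnyConnect chain above leaves a recognisable endpoint footprint: dbghelp.dll is written into a directory outside the product's install path, and shortly afterwards vpndownloader.exe starts from that same directory as SYSTEM. The following detection sketch is an added example, not part of the exploit or of Cisco's software; the event schema, the trusted directories, the correlation window and all sample events are constructed for illustration and would need mapping onto whatever telemetry (Sysmon, EDR) is actually available.

```python
"""Correlate constructed file-create and process-create events to flag the
vpndownloader DLL-planting pattern described above.  Event shape, timestamps
and paths are constructed for this example and are not real telemetry."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Directories where vpndownloader legitimately runs from (assumed for this
# example; tune to your environment).  Compared case-insensitively.
TRUSTED_DIRS = {
    r"c:\windows\system32",
    r"c:\program files (x86)\cisco\cisco anyconnect secure mobility client",
}
WINDOW_SECONDS = 60  # how long after the DLL drop we still correlate (assumed)


@dataclass(frozen=True)
class Event:
    ts: float   # seconds since epoch (constructed)
    kind: str   # "file_create" or "process_create"
    path: str   # file written, or image executed
    user: str   # account that performed the action


def _dir(path: str) -> str:
    return str(PureWindowsPath(path).parent).lower()


def _name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def find_hijack_chains(events):
    """Return (dll_event, proc_event) pairs where dbghelp.dll was written to a
    non-trusted directory and vpndownloader.exe later started from that same
    directory as SYSTEM within WINDOW_SECONDS."""
    hits = []
    drops = [e for e in sorted(events, key=lambda e: e.ts)
             if e.kind == "file_create"
             and _name(e.path) == "dbghelp.dll"
             and _dir(e.path) not in TRUSTED_DIRS]
    for dll in drops:
        for proc in events:
            if (proc.kind == "process_create"
                    and _name(proc.path) == "vpndownloader.exe"
                    and _dir(proc.path) == _dir(dll.path)
                    and proc.user.lower() == "nt authority\\system"
                    and 0 <= proc.ts - dll.ts <= WINDOW_SECONDS):
                hits.append((dll, proc))
    return hits


# Constructed sample telemetry: a benign update, one hijack-shaped chain, and
# a stray dbghelp.dll with no SYSTEM vpndownloader following it.
INSTALL = r"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client"
SAMPLE_EVENTS = [
    Event(1000.0, "file_create", INSTALL + r"\vpndownloader.exe", "NT AUTHORITY\\SYSTEM"),
    Event(1001.0, "process_create", INSTALL + r"\vpndownloader.exe", "NT AUTHORITY\\SYSTEM"),
    Event(2000.0, "file_create", r"C:\Users\alice\AppData\Local\Temp\x\dbghelp.dll", "CORP\\alice"),
    Event(2003.5, "file_create", r"C:\Users\alice\AppData\Local\Temp\x\vpndownloader.exe", "NT AUTHORITY\\SYSTEM"),
    Event(2004.0, "process_create", r"C:\Users\alice\AppData\Local\Temp\x\vpndownloader.exe", "NT AUTHORITY\\SYSTEM"),
    Event(3000.0, "file_create", r"C:\Users\bob\Desktop\dbghelp.dll", "CORP\\bob"),
    Event(3001.0, "process_create", r"C:\Users\bob\Desktop\tool.exe", "CORP\\bob"),
]

if __name__ == "__main__":
    for dll, proc in find_hijack_chains(SAMPLE_EVENTS):
        print(f"possible vpndownloader DLL hijack: {dll.path} written by {dll.user}, "
              f"then {proc.path} started as {proc.user} {proc.ts - dll.ts:.1f}s later")
```

The rule keys on the two facts the advisory gives (the DLL name and the binary that loads it) plus the privilege boundary being crossed, so a legitimate vpndownloader update from the install directory is not flagged while a user-writable directory receiving dbghelp.dll and then a SYSTEM vpndownloader is.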
This document describes a stack overflow vulnerability that was found in October 2019 and presented at the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the UPnP daemon (/usr/sbin/upnpd) running on the NETGEAR R6700v3 router with firmware versions V1.0.4.82_10.0.57 and V1.0.4.84_10.0.58. It allows an unauthenticated attacker to reset the root password and then spawn a telnetd to remotely access the account.
3ccd57c2afc9c37bec7729262aa2b172845c46c639bdb363b6009f40ca166d05
BSA Radar version 1.6.7234.24750 suffers from a persistent cross site scripting vulnerability.
0a6d9ae3213d039a6276115d9acee975c7246ffd2f7f8ad53860f3603aea7410