This Metasploit module provides remote code execution against GitLab Community Edition (CE) and Enterprise Edition (EE). It uses an arbitrary file read to extract the Rails secret_key_base, then gains remote code execution through a deserialization vulnerability in the signed experimentation_subject_id cookie that GitLab uses internally for A/B testing. Note that the arbitrary file read exists in GitLab EE/CE 8.5 and later, and was fixed in 12.9.1, 12.8.8, and 12.7.8. However, the RCE only affects versions 12.4.0 and above, since that is when the vulnerable experimentation_subject_id cookie was introduced. Tested on GitLab 12.8.1 and 12.4.0.
a2fd5f023f224556722696d725ba298281ba4faa6ff9fad55afc78efcb2c8cd0
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
f8165211f5b4a4f6708df73ef9be51df917927f2da78348b32d3a6eb5fc458a3
BigtreeCMS version 4.4.11 suffers from a cross site scripting vulnerability.
3c45f0348a7157e65d5900916567e5655859008ee4715585d4a47c25a95b49d0
Ubuntu Security Notice 4668-1 - Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.
a5f6014a35f892c6ffaedb77312c56a6a022a609abece4d6d3680f375d81c3d8
OpenCart version 3.0.3.6 suffers from a cross site request forgery vulnerability.
15a4af089ee6938e9f9018d0cd512261bc37456c71fa0bf444ddfb50c1ad376f
Ubuntu Security Notice 4665-2 - USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and use it to perform port scanning and other information gathering. Various other issues were also addressed.
ef449b8bd3d4514ef75c2cb2e3e8ee86d33aec9b67483b26029adecfe1777660
WordPress Popup Builder plugin versions 3.69.6 and below suffer from multiple cross site scripting vulnerabilities.
ee27a617cdd08a28d0aa46029db9df5ff8f33df6251fb74266abaf8c5b081e81
Ubuntu Security Notice 4667-1 - Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service.
ed3e732086e11beeda7a344425ad7dc16a8309de9febde6bc43b34925f802eae
Barcodes Generator version 1.0 suffers from a persistent cross site scripting vulnerability.
ad8bf5e77fce744e79e98d6d6401df0c9c922345fa6dbfbd73898ab10d8b80b6
Ubuntu Security Notice 4668-2 - USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. Various other issues were also addressed.
33d12f331c2c401cf9a9afee6fe990d3e427170e788b8a6fd66e8dbda3e0c1a9
Openfire version 4.6.0 suffers from multiple persistent cross site scripting vulnerabilities.
f9c7f42f5cd677f2e3c3280fd7992e2595856f2a86b2332e2d48c94b993b1751
Library Management System version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1a980ac557ad205a4469f0b188c4572761b978641908964ad8bc577f75f56dea
PDF Complete version 3.5.310.2002 suffers from an unquoted service path vulnerability.
02ca2708970fb0372697359863b921b8c47c3cb3385ddc1b9d95abcefbf25921