This Metasploit module exploits an overflow in the Windows Routing and Remote Access Service (RRAS) to execute code as SYSTEM. The RRAS DCERPC endpoint is accessible to unauthenticated users via SMBv1 browser named pipe on Windows Server 2003 and Windows XP hosts; however, this module targets Windows Server 2003 only. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well.
0ae2b9ea7eebb2360a416f9ca767c77a6dbd884480e2109006104ebb2c2a7cb2When Asterisk sends a re-invite initiating T.38 faxing and the endpoint responds with a m=image line and zero port, a crash will occur in Asterisk. This is a re-occurrence of AST-2019-004.
d43d5cb9a0201ce6df31db1a1a9561360db4a1bb17c19f46dd04be62c2e79557Ubuntu Security Notice 4757-2 - USN-4757-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did not properly handle P2P provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
dc1b4322a52c55ce4a3510534f27f7d969369c80e22c1455f92626820c73a2b9Red Hat Security Advisory 2021-0736-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP25. Issues addressed include buffer overflow and bypass vulnerabilities.
1ccf5b38ec529b7006e34dc41c3f19d8bedbd43dbfcda69aa1b5072827495da8Fluig versions 1.7.0-210217 and below suffer from a path traversal vulnerability.
ea5511730eaab22027c25e852ad09966af7a9dc8002e191fff5abf1fb3aaf5aaRed Hat Security Advisory 2021-0735-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
4fa2f2af51f196dfbdc7df2b7135e2d697b420eeef4d54bc4ee06a7e381850eaRed Hat Security Advisory 2021-0734-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
12d80d86278865e7f564d47f85075de0d39f503c206501b492facef45c9f60d2CatDV version 9.2 RMI authentication bypass exploit.
543271c044880a1d0aef7afeebb5c1d50a3037c73a168df894845293de2d0660This is a brief whitepaper that goes over some tooling that can be of assistance while performing reconnaissance against a web application prior to attack.
efa89877156455ecbe4998579276a2b7f88564aac2a446ce3a8fdb5d7a98c52cDoctor Appointment System version 1.0 suffers from multiple cross site scripting vulnerabilities. These are additional findings with original discovery of cross site scripting in this version being attributed to Soham Bakore in February of 2021.
b098137654368cff53ff815f613c4ed7917ea68d5a2afab78153a61a45603e3a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed