This Metasploit module exploits a stack-based buffer overflow vulnerability in MPlayer Lite r33064, caused by improper bounds checking of an URL entry. By persuading the victim to open a specially-crafted .M3U file, specifically by drag-and-dropping it to the player, a remote attacker can execute arbitrary code on the system.
61c9fed931a83bc7851c93ab4e149ec607c061edc841c01aaf722c287b7d3742This Metasploit module will attempt to elevate execution level using the ShellExecute undocumented RunAs flag to bypass low UAC settings.
0f7fb4377bf2d6d71431f032c82cbf7fd475135a7e10f5264dc8285bfaa1d4ffThis Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.
470929e92864600915a7773675e61c23486f09b86f3d05d72951628b436ed7c0This Metasploit module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not require authentication and allows remote users to execute arbitrary operating system commands. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).
217c97be589524ea77431218332eff5e82efabdd6dfa3503ed0ddab691480814This Metasploit module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRARed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.
2df85540ffe31bd6abf8706295866ebd1d381d12c36e4680836b772ead8e9445A cross site request forgery vulnerability was identified in the Authorization Method of 3DSecure version 2.0, allowing attackers to submit unauthorized form data by modifying the HTTP Origin and Referer headers.
032e3a53c89b7b4a7b7b3de30de850a84f091eca55d4270ee219cc8a08689f233DSecure version 2.0 is vulnerable to form action hijacking via the threeDSMethodNotificationURL parameter. This flaw allows attackers to change the destination website for form submissions, enabling data theft.
dc98bb08a58bbfec1100b0b81febe49fd09487b8a8456933f842f161ab0d5757Multiple reflected cross site scripting vulnerabilities in the 3DS Authorization Method of 3DSecure version 2.0 allow attackers to inject arbitrary web scripts via the threeDSMethodData parameter.
6d39badeee9ca588e282577f02ef7077faa513c136944eec8da9e5f0a73a67a8Multiple reflected cross site scripting vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure version 2.0. These flaws allow attackers to inject arbitrary web scripts, CSS, or HTML through the manipulation of the params parameter in the request URL.
5c49c8e7ecdf6ea8c0ca9ef4838d0136aa0e0903e7e668c089948442cca4d4d43DSecure version 2.0 is vulnerable to cross site scripting in its 3DSMethod Authentication. This vulnerability allows remote attackers to hijack the form action and change the destination website via the params parameter, which is base64 encoded and improperly sanitized.
17cd30a43cadf4e0ba472bc1f4cadd560c5b65235a04affcc4271b43c4dc6065Debian Linux Security Advisory 5768-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
70403858627e4d47b4cd0877efdac30fb9f6d23926c76535c39787794a947584Ubuntu Security Notice 7006-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
bfa1f853c40c5f477c198c988120fbd6fe68320fbaf6055c26d7c823fb626082Ubuntu Security Notice 7005-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
16a95e0e8f80dad3e90b963e7b53b6853ba6f934f88bd2470c901fc0b1d3144eUbuntu Security Notice 7004-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
431af02c0d9e5c558fd6375749c474c2ba15897d474ed112193b050613cb07f8Ubuntu Security Notice 7001-1 - Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
dd777efeaab59422d2fe51b3d1cc0f03bc68451f5c70dd442a7b4f075550b945Ubuntu Security Notice 7000-1 - Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Shang-Hung Wan discovered that Expat did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
e207f4963e040f92737087661cdcc67616d5a449bd2f500e15737c6170147628Ubuntu Security Notice 7002-1 - It was discovered that setuptools was vulnerable to remote code execution. An attacker could possibly use this issue to execute arbitrary code.
54bafb3e8bf0072a6b96f1e84af61e2aabfd6f0f55f7346007be3c20de65531fUbuntu Security Notice 7003-2 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
b9ccf0915602448265ab710de51d14e93875c6b9ca20f10baf002ab90a58470eUbuntu Security Notice 7003-1 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
7d5b0465fc8b365d164e7403ac3a399c1d198dc1157f8ad403f32d2ffbadf1a2Ubuntu Security Notice 6997-2 - USN-6997-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 14.04 LTS. It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial of service.
96ae5f484bf5f362eb5537aaba9e0c81e0f8f62b5f143ef1ce8ddc21845eea5bUbuntu Security Notice 6999-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
f2f3af31e74d781983843453894ecb4650b3d835bf822cc772b1ad0341cc9292Red Hat Security Advisory 2024-6612-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
9c7ed1224c702d1a80b23ebe089033d5b875958334f7fb880d98fa2fb7464180Nipah Virus Testing Management System version 1.0 suffers from a php code injection vulnerability.
1d5d8ecfee17bb9d29a68547de9e3007c6fb30acdff37b24dca3f23a371620ddRed Hat Security Advisory 2024-6611-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
37a4f42a2a7af9a422d5eee44a78dd59470b8c43eba23a1311ee30521c90abbeRed Hat Security Advisory 2024-6610-03 - An update for git is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
af3dcd63af790a01b6d007e241dc033200460b9035e71823a5fb30b7ffcfd440
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed