This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.
3acc84b6f8e63aa4048c020f1cbb6715f0ebe485e8a5e708cb011992316f75e9The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence. All versions of Confluence starting with version 6.0.0 but less than 6.0.7 (the fixed version for 6.0.x) are affected by this vulnerability.
81936b182168b27dc4d9e1c13e26ed7b479fb032c93be23162cb3365c172323eHDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated. Apache Hadoop versions 2.6.x and earlier are affected.
9b5a91772515b1e4ae857e6ca6ac791ebbdaa6bbd1627cc0c0adba28beade403Red Hat Security Advisory 2017-1162-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The python27 Software Collection has been upgraded to version 2.7.13, which provides a number of bug fixes and enhancements over the previous version.
b074a1dc77a800a7bb251bd62b55be188b14ba2806e7964428a041350866d803Red Hat Security Advisory 2017-1161-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version.
710ab5969c463a1c7526a5fa70f4c55c2c4077082b7622e31e2ba0c00acae88fDebian Linux Security Advisory 3834-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.55, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes.
59d5022065b13db104d76c6cf33448b7aeaad523f65291a09a7062fb8f89fd1aThis advisory describes a local privilege escalation via guest-account in LightDM found in Ubuntu versions 16.10 / 16.04 LTS.
7eb1528e323459cf945e526fa778e82b210bbab5581e8b3874acbbb6985be89bRevive Ad Server version 4.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
9b20861399242f421125d6cddee8358bb6037a5865345c3a5ebdec01677a1a12WordPress KittyCatfish plugin version 2.2 suffers from a remote SQL injection vulnerability.
a4877136efa694bcaee8945f73d5de695ee4183498b934dc7da953057347ce00WordPress Car Rental System plugin version 2.5 suffers from a remote SQL injection vulnerability.
3034b15ff4a4dd951d6e2ebbbef527273be7831ab329280838e1bed1d54c133cWordPress Wow Viral Signups plugin version 2.1 suffers from a remote SQL injection vulnerability.
1e7973e041daae94cfd856d15e3742257fbbfd52d3cb5da6d9efd2b63a557dafJoomla jDBexport component version 3.2.10 suffers from cross site scripting and path disclosure vulnerabilities.
3ab8bfb5be2c4d68658ca37c0bf9e9bf28092a264d0f47d7eb35a36301253ad7WordPress Wow Forms plugin version 2.1 suffers from a remote SQL injection vulnerability.
416ee10e980c32577e0d410f4aa3636a5a328b52e38a76eb9139197df9da9559A write up by the hacker who hacked FlexiSpy.
210438ee4534c14e66292144d27d635e0535da4750c255a43ca819509ebce9a3Whitepaper entitled HackBack - A DIY Guide for those without the patience to wait for whistleblowers.
8a4bf253d346e6edb5debbc3d0af1853e0c2c708d9b3c1a2b28a8685f580d674Whitepaper entitled HackBack - A DIY Guide. Written in Spanish.
cd9224d9caca3f6b88269980123d5374486f1353fbc9efb50253557b2a53a6c0Whitepaper entitled HackBack - A DIY Guide.
13106443a0101118a7a673f7eab1962e92e195d9d493092b209fc627e5dc9db6Microsoft Windows 2003 SP2 ERRATICGOPHER SMB remote code execution exploit.
e09a6f487b36b8b0d05b9379162b5a10008814385417197a29eda6a60fac1a6bPortrait Display SDK Service suffers from a privilege escalation vulnerability due to an insecure service configuration.
bb0d1b7787b6ec46caf94bb51f129ccffd1be7a7a0ce6cb68b3a93e46de94b3aJoomla MyPortfolio component version 3.0.2 suffers from a remote SQL injection vulnerability.
d9871a4cd77cf348eaa86ab4fb9b5655b8b0451c772ee4e36b81774fbf4687b0Flyspray version 1.0-rc4 suffers from a cross site scripting vulnerability.
468a85a47c02db85d70f6d872139aec25745c6e534d90f93bbacc4175cd94a6bSamsung Smart TV Wi-Fi allows for unfettered access to rogue devices by strictly whitelisting access via a mac address.
5484d0c90115f29a703f9d405c97f1fdb64081d6cfc7a7919eec183b94a06f03Private Tunnel Client version 2.8 local buffer overflow SEH exploit.
07babd3d9523494c03dae1c1130f656b9f713d8830379d358cc37ba047d611c4Uberscan is an IP scanner and brute forcing tool all in one. Written in perl.
03c619eb7a6756875cfd4de5de3f9b6bbc71cdbe72137814c254f2a9116ad397This paper outlines the research into performing a remote attack against an unaltered 2014 Jeep Cherokee and similar vehicles that results in physical control of some aspects of the vehicle. Hopefully this additional remote attack research can pave the road for more secure connected cars in our future by providing this detailed information to security researchers, automotive manufacturers, automotive suppliers, and consumers.
d7f534a978ca4d25721f39404f7aad67339b186a0025047f6293bf98556c1d36
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed