Due to a missing authorization check in the SAP Solution Manager version 7.20 LM-SERVICE component, a remote authenticated attacker could be able to execute privileged actions in the affected system, including the execution of operating system commands.
ad2a546198819c5e3808faa124d00d50475caa98031463ff99dd70806f19a4fdRed Hat Security Advisory 2021-2439-01 - Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 21.0.0.6 serves as a replacement for Open Liberty 21.0.0.3, and includes a security fix and enhancements. For specific information about this release, see links in the References section. Issues addressed include a cross site request forgery vulnerability.
8b2230db5e8c211ead2a66762f0f0f91cd6148f434a40828d0695e5bb82a4aceA malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication in order to connect to the respective TCP ports and perform different privileged actions. SAP Netweaver JAVA versions 7.10 through 7.50 are affected.
805643e688fbee4c048d322779d58d6f9b53b1939424fabfb2fd739907f62af5Red Hat Security Advisory 2021-2417-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
3c595b7021ce12025e736ffc6ff486221878057213781ddc7b12b2a0b073e615By abusing a code injection vulnerability in SAP MII, an authenticated user with SAP XMII developer privileges could execute code (including OS commands) on the server. Versions affected include XMII 15.1 lower than SP006 PL 000062, XMII 15.2 lower than SP003 PL 000038, XMII 15.3 lower than SP001 PL 000022, and XMII 15.4 lower than SP001 PL 000007.
69744f870d334f7a6c685c786466810e8972c0a978bc2ed72164e0f20f04a019Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
0e34c47f7505c4efb885cf893083386ee847d508f5711906281071f14a1c7a75Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
a0eb967f23b5f50643df5939f9d322a85eaf739d0393d4d5c32d36652c3abb25Any authenticated user of the SAP Solution Manager version 7.2 is able to craft, upload, and execute EEM scripts on the SMDAgents affecting its integrity, confidentiality and availability.
bdc7e6c1e337b3a9375a591f67ba31840609fc29cc4d04938ddbb01ed4b453aaThe End-User Experience Monitoring (EEM) application, part of the SAP Solution Manager version 7.2, is vulnerable to path traversal. As a consequence, an unauthorized attacker would be able to read sensitive OS files and affect the availability of the EEM robots connected to the SolMan.
e7df5522b5218db217d73908552d4067a8c0fedc1d3ce58d9455d1d4c14f7d01SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from having default hard-coded credentials.
472008089fe805ca278b030c1c5074c99b2877ee00a4db2ac51d3e76c1b7e7e4Client Management System version 1.1 suffers from a remote SQL injection vulnerability.
a63d71356fe457b96fc7a8ee545c9456e274adf943f4481d80b1d39c482ae2cbClient Management System version 1.1 suffers from a persistent cross site scripting vulnerability.
441c5cfcc05fc15071981f09dfeaa1dc95038ff7a1421cebb5793d6b6a8674e5Red Hat Security Advisory 2021-2420-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
d056fb26772390e49e5bd7648bcf24f87308a7ab4681e4c71c8942b55196955eThis Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user.
4e45a5b58bb25a9e1400104eecea5f80262e1ed574a38b2fbeeaabd60cc42511This Metasploit module lets you create a batch job on HashiCorp's Nomad service to spawn a shell. The default option is to use the raw_exec driver, which runs with high privileges. Development servers and clients explicitly enabling the raw_exec plugin can spawn these type of jobs. Regular exec jobs can be created in a similar fashion at a lower privilege level.
eca23d54183cd0e5af582ee2589f0f2a4c94fe7f480b0f8f8352c5c49fa7edc2SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from a command injection vulnerability.
98a2961b16ad9e9f794ffa70067807ac00d45185e9401b26dfb8f0385594eaf6Ubuntu Security Notice 4988-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
5551539bfee9d759009fe862c47462e4fe2c567bec95ae55b9737c8afccdf944Red Hat Security Advisory 2021-2419-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
de58430682e0b368900b8a8139f233bf5ec3470e8c9d93208ecb057d3c55e251Brother BRPrint Auditor version 3.0.7 suffers from an unquoted service path vulnerability.
eea4eb2861813f9eead342f803bca539325137ba285c9686b1f7ea32e9385780Red Hat Security Advisory 2021-2286-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.16. Issues addressed include a remote shell upload vulnerability.
ece0bc4caa2fe2afa806da433841d46e04bb783b0678dc25fab79a4e0d765379This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.
6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36Red Hat Security Advisory 2021-2422-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
76aab2be6e1650642d7519c7d8a982f57b80ea1e809797ecce25c9f7bb048d6bSAP Hybris eCommerce versions 1808, 1811, 1905, and 2005 suffer from a vulnerability that allows for exposure of sensitive information.
be80a105ede0e4c57f1aa93c09a09a6c5c8190a2a37c45afcde4e0dcad131541Red Hat Security Advisory 2021-2416-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
389a8364195ce0e2b16a88239fc602ff9aac49df361d6ee3353b56033f25c7f4Red Hat Security Advisory 2021-2414-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
53f6fc659bd4568c5cebc72dc22eac1c3ce93a86c0c30bca0ac28ff25364ecf7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed