This Metasploit module exploits a vulnerability in WinRAR (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.
28f3b59d37ee5a8aa6ff17510a7cd49a93cb8fcb3b1027ca4545c6a2e7de6f4fThis Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious JSP payload with the SYSTEM user permissions.
6932d8048db104bdeaa927b23fea68a29152e32fd74b6498bd70fa53bbc37270This Metasploit module exploits a series of vulnerabilities - including auth bypass, SQL injection, and shell injection - to obtain remote code execution on SonicWall GMS versions 9.9.9320 and below.
90d7acef05664be1e0b28da7f711f5c30f094179ef8916c47f28a2418a07056eThis Metasploit module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.1 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the key parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.4.1.
34f1ed88046d0a1cb1d6424711b6f621117f401a0d42ebfc307dc277ada181d2Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the Kibana process on the host system. Exploitation will require a service or system reboot to restore normal operation. The WFSDELAY parameter is crucial for this exploit. Setting it too high will cause MANY shells (50-100+), while setting it too low will cause no shells to be obtained. WFSDELAY of 10 for a docker image caused 6 shells.
218aabf6c87ec8ccc508ad1d2d5d2ca8b265eead008ca12a1926cb66c80614abThe Microsoft Windows Kernel has an issue where a partial success of registry hive log recovery may lead to inconsistent state and memory corruption.
8d90d52ff176f1f9884d9ffea04d9338aa0c0d819ae01d9535ea91d209a17c4fThe Microsoft Windows Kernel suffers from out-of-bounds reads due to an integer overflow in registry .LOG file parsing.
2cb8dc117b540fd74b32ad5e82a39042ad150a5cea6b1be9d4e6170722bb1281Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.
dc5871533e13156b91fb7cf28c6fd6c36590e9f6ffe781f90ae64c33fe7200beUbuntu Security Notice 6355-1 - Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bonds write. A local attacker could possibly use this to circumvent secure boot protections. Daniel Axtens discovered that specially crafted images could cause out-of-bonds read and write. A local attacker could possibly use this to circumvent secure boot protections. Daniel Axtens discovered that specially crafted images could cause buffer underwrite which allows arbitrary data to be written to a heap. A local attacker could possibly use this to circumvent secure boot protections.
c68601357ce389f48c2c2aed91b14822cc8a3b09a8f0b6538ffabaab39253206Ubuntu Security Notice 6354-1 - It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity injection, resulting in a denial of service or information disclosure.
55bae84a27165496e4c61f96e67a29907c9b0b2752c81b4e650223bf8ebf69c7Debian Linux Security Advisory 5491-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
3a6cfcbdc911ffcc1d3db52f8089b5fad3df27b575010e4f29577ea3ede1e7d0Red Hat Security Advisory 2023-5030-01 - An update is now available for Red Hat OpenShift GitOps 1.8. Issues addressed include a denial of service vulnerability.
97843276598eea2ea7489f9a62bfd3a2d737884ff71839698ee2fd3173769301Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.
c0291459c882477e013eaea14c0f82d0a59d74dddca3fd7408915b71c5865c3fEvent Ticketing System version 1.0 suffers from a cross site scripting vulnerability.
9d31a0bc4ced5634ea569847d5f97ea5c94eb3a679608aa038f73927e788ae98SyncBreeze version 15.2.24 suffers from a denial of service vulnerability.
db5425e602fa3c8ca08a2a546f3f0cd0197353581124426e5fbf87daaf0f4b89GOM Player version 2.3.90.5360 suffers from a buffer overflow vulnerability.
095cf8e7420dea3e63052a39072f97a844f5104cf7c1241acd3d794e4a3d4775Drupal version 10.1.2 appears to suffer from web cache poisoning due to a server-side request forgery vulnerability.
bae7ee7ca74d0d64c1344141e791c8d6d0db4ab73d42cc624ef98154db59b959Wp2Fac version 1.0 suffers from an OS command injection vulnerability.
572b3a89bc7bd59c112de7cf4030e672dabf6d4e4058507b39c7cce36ba8c157476 bytes small Windows/x64 PIC null-free TCP reverse shell shellcode.
bba5751e922713bc181d1684a80fe65ee53eab2de87b3bbaf9cb5fc3fdccc945TECHView LA5570 Wireless Gateway version 1.0.19_T53 suffers from directory traversal, privilege escalation, and information disclosure vulnerabilities.
d1257e7bf2cdf6fd21b1cc76b8960cbdf567e1b24499e73c14da1c1903331e35Soosyze version 2.0.0 suffers from an arbitrary file upload vulnerability.
9bf6b6526253f4c7c6238da3c5ad49f7a905e6d95335d5b8a7f1c835151822b1Axigen versions 10.5.0–4370c946 and below suffer from a cross site scripting vulnerability.
fe2b4328c2557a11918de6f341b200a07afaf0512f0b5909133817cf704b934bWordPress Elementor plugin versions prior to 3.5.5 suffer from an iframe injection vulnerability.
f6d2c7c9416faacac186c0f77b71b33febe7a88478054363920eae66b1698273OpenSSL Security Advisory 20230908 - The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions.
d6e94a3126e644bbaa13389ba335ceeae5306ba99c3e42bf3217ce69144d0f9c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed