This Metasploit module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable.
035ed04146400771edc30f7f2428017890a815d0e2f43a4345934b3f301ed59eGentoo Linux Security Advisory 202402-1 - Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Versions greater than or equal to 2.38-r10 are affected.
dc5103364dcaf34b9733e914efeb23949628b3316a7502944e9a2800aca0bbdbDebian Linux Security Advisory 5613-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.
f609441d6fb4c40057305e6428732ca7ac0e44c809f5eb956a054b02d0ed1ef4Ubuntu Security Notice 6621-1 - It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service.
d38033701261e34456f9c4b4ae618fc4e2d85060257a1b6c7c655a752562ae15Debian Linux Security Advisory 5612-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
5e76bed3819f315e7a0c764d370439b3892001d90b2731baafa780fd5607d130This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo() function on the login page of the target device, allowing to inspect the PHP configuration. This script also has the option to save the phpinfo() output to a file for further analysis.
56c0a0ad9dba5be91bcf88dbed7e2234e764bf5d6166e8250dfe5f1920543e02PCMan FTP Server version 2.0 pwn remote buffer overflow exploit.
612b3315639952f6579988ab804091c2e90337cd6f2b149aaefbbdb20a2fe647Proxmox VE versions 5.4 through 7.4-1 suffer from a TOTP brute forcing vulnerability.
f6755f8049ac69e2c063c87bf2673dccb28891987f8680a53ee28fbd10c2725fTP-LINK TL-WR740N suffers from an html injection vulnerability.
c2d5b2f78c31443c2f29cda3d1383f4415c4b2164a247d2589a51184dce6dfa1GoAhead Web Server version 2.5 suffers from an html injection vulnerability.
24379e92a45cc4550d65aa00b2c98eadf098d5bae864bf1e06214b44e2d34384ComSndFTP Server version 1.3.7 Beta remote denial of service exploit.
34646dc1a109dda2502eeca999e4fa7c3c681afd7aaaed11431e026ca5a4ef70Red Hat Security Advisory 2024-0647-03 - An update for rpm is now available for Red Hat Enterprise Linux 8.
ffa4df92c034f91bf4ce66eb09e3a8bdf965b0eb65934d6f737ba2139bdc39a7Red Hat Security Advisory 2024-0484-03 - Red Hat OpenShift Container Platform release 4.13.31 is now available with updates to packages and images that fix several bugs and add enhancements.
ed0abdf5084bca41a7e826e8b9844a8e96dedf41534bff01ec99c36841743575Ricoh printers suffer from directory and file exposure vulnerabilities.
31acfb08de8679ef2afbf02b48cab1579ec579e4f6c07c0aa39c1643b2c3308dTypora version 1.7.4 suffers from a command injection vulnerability.
d9a8303041fe933057079d7b5819ba2a1d470244be63a85e854c72582cdc68c4Bank Locker Management System suffers from a remote SQL injection vulnerability.
46a04657e32ff403a333ece7b5aa8f9a4a9f589a69f49b77ec5ba36c7e157381Grocy versions 4.0.2 and below suffer from a cross site request forgery vulnerabilities.
8a9d5dbb9c863db010ccc5c72b8a8ce2a60d29424a64648b8ed644b847a9f54fWebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.
697050685574d8cbeaf2f42aaa7b87535a8f6cf1ec1ce436dac7c656340576237 Sticky Notes version 1.9 suffers from a command injection vulnerability.
0c02db19a734643da060c0229774925d3b573c1cd14af3e353f41e6564eeba31
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed