This Metasploit module exploits a command injection in Apache Continuum versions 1.4.2 and below. By injecting a command into the installation.varValue POST parameter to /continuum/saveInstallation.action, a shell can be spawned.
cf845d6fbc3b09514ed47ba1ed811ff6c6d343b0941a626f3ff4522492ad83c7Zabbix versions 2.2 through 3.0.3 suffer from a remote command execution vulnerability in the JSON-RPC API.
97a1eafdac1f66d26b0024943d2069cb5e55b0cc3215c9705548b97a7d77ddbaRSA Archer GRC Platform version 5.5.x suffers from a sensitive information disclosure vulnerability.
e9d9e9740fcc19e16903f5276534658fe27fa12046edd86511e33d352693f6e6Red Hat Security Advisory 2016-1222-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Security Fix: An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images to have a default root password of "rootpw". Remote root access via SSH is disabled by default.
57328f8210d5b295a596dfb0e1362d0f0ed92acbd9601df602b4091f2c01d259Red Hat Security Advisory 2016-1224-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process.
ad59149a8a4a31c1e49f2c7c04111870e3b67f13daa90a2517f45227802fe40bRed Hat Security Advisory 2016-1223-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Security Fix: An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images to have a default root password of "rootpw". Remote root access via SSH is disabled by default.
39baaf6211a66318f9c8905bb1b883a08b048793578a3794839e29e707c41851Samsung's SW Update versions 2.2.7.22 and below suffer from having insecure ACLs on its directory allowing any authenticated user to escalate their privileges.
4fd7871ec675d6f7a6b4d066d734cda6f750bb081f8734269b785590c3ec329eFlashFXP version 5.3.0 suffers from a memory corruption vulnerability.
0f230ac8dd2743f9697a7bbf4529866c74c7a0cfb46badab685854f7de08be6aJoomla Affiliate Tracker version 2.0.3 suffers from a remote SQL injection vulnerability.
7852443ef79d0bf279d04e2ebe1363b6c79bfa5315e0864ab56224b91c2ee236iSQL version 1.0 suffers from a buffer overflow vulnerability.
9c4f4323c6e410f10df86e0bf99e7338c3fd903870baadce9dd7cc5634c565e8iSQL version 1.0 suffers from a shell command injection vulnerability.
71795379b2520b5e3f9b370cf6d946805734bb8f4fd05bd4a6911d86266e7405couponPHP version 2.1 suffers from persistent and reflective cross site scripting vulnerabilities.
613a71e62224a9167b08b5ffb76111090d789619fb9da87b49f160d644c9b11eJoomla Pay Plans component version 3.3.6 suffers from a remote SQL injection vulnerability.
cec64fe7129690d498d6ba759794ef261c28659ae6897e75b0e02fb82cd61479Dream Gallery version 2.0 suffers from an authentication bypass vulnerability.
5f4ff3015ebafef18c78d04d6b9fc9a80f4de68d572f1e5b5e2e1d696451a178Foxit PDF Reader suffers from a memory corruption vulnerability in kdu_core::kdu_codestream::get_subsampling.
871b6d43404b215a9cc5a73169fe8e1e614a260904e3652ec205c927e6f78abfFoxit PDF Reader suffers from a memory corruption vulnerability in CFX_BaseSegmentedArray::IterateIndex.
66c6ed2a8c6927663518e475aad6258db533f83db364d57ecd5dbd32a552f81bViart Shopping Cart version 5.0 suffers from cross site request forgery and remote shell upload vulnerabilities.
190b74984e59c33687faceb9535fdc11b6432874afdba6e2fa666db12ad7fb15Foxit PDF Reader suffers from an out-of-bounds read vulnerability in CPDF_DIBSource::TranslateScanline24bpp.
a1c3aea8ea0711cd6aeb01cb05e999be9b8ba1b415ac39be9fe636e848788638Foxit PDF Reader suffers from an invalid read vulnerability in CFX_WideString::operator=.
435e2c8b057bc166a25a39d29a836eed49740832becb8b232e72eb4c4a4b7b1bFoxit PDF Reader suffers from a heap-based memory corruption vulnerability in CPDF_StreamContentParser::~CPDF_StreamContentParser.
38e03b4deb928a6b9eb0f1d0876e9e4bee2d79fada610ab59cdceb5abe0e3d9fGrid Gallery version 1.0 suffers from an authentication bypass vulnerability.
f05b051aa43b923a12566692500238e1b282bbc86ea14ddef75d64bff5abdaafFRticket Ticket System version 1 suffers from a cross site scripting vulnerability.
8527469fd19e7f5c5c540ddee7c8b40b47f3ad4c21ec96d6a078bbd2cf8b3fdeEasy RM to MP3 Converter version 2.7.3.700 .m3u exploit with universal DEP + ASLR bypass.
c1b6ff1ccc271bc2947e2458d9021c1994270c51f8e9a947e5c1a3834bd58107Riot Games League of Legends suffers from an insecure file permissions privilege escalation vulnerability.
068a99e6c2e99d9bcc6db11b9c72c5815c3965b16aeebe25b36576795c37c19bArmadito Antimalware suffers from a bypass vulnerability.
057ccef5354fec1d98a107a85aca95fd534e3b72fc282659bd24a9218a6f24e5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed