This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.
16431cc7dbb038947f886cccbda9ff1e8abb4ffdc1cbb4066839871766422f13This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.
e395c3372dc6eda5878d64b4b3e2b759c5bfaffe8d57ca9fdfd36a0bab7bf55bQualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user.
5e1a7285b40cf60a49ec4d0075d1398f00688905145e895ec8cd09d0cc0d9564fronsetia version 1.1 suffers from a cross site scripting vulnerability.
bbfd522cfd5160099d31a809ca9257e08bb97dcc37b7bf13572eb09dcfd1ed25fronsetia version 1.1 suffers from an XML external entity injection vulnerability.
172877845afd1a0942227a2a28e855668aafeacdb04ad37754aebeccf82f3a9dPowerVR has an issue where PVRSRVAcquireProcessHandleBase() can cause psProcessHandleBase reuse when PIDs are reused.
18d88674b2b9ce3ddaccd51818379af5893ab0c36e6eb07d67ee93245da55ea8A security-relevant race between mremap() and THP code has been discovered. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the bug in multiple processes can probably lead to unintended page table sharing, which probably can lead to stale TLB entries pointing to freed pages.
d415d186ac0cd0e8590e6af8e512c75a753a301cb3c1ff5d14ad6ae5cf28a43eKorenix JetPort 5601 version 1.2 suffers from a path traversal vulnerability.
eff7e4d263326b019575dc31027a65c20b18d4241b61e5bb7f9dcd9114150ac6SEH utnservyer Pro version 20.1.22 suffers from multiple persistent cross site scripting vulnerabilities.
8a817f7a2f70f702d665df042fc9c3e7290ebdec05e9d80aed3e21cb27a39f2bFaraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
30b3b1062287c7e55a12390a34c85d5cdfb4bd7d90aaa2c4218e3319a9a8f1ffUbuntu Security Notice 7015-6 - USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
667ae966414c566b7ba032fe92060c7e3cfb42504b259cece2ff73a5eb36f7f3Ubuntu Security Notice 7120-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
57646a3034886c2e86bcd31eac59da5e06ae61f49b9a18b53b079814bb1416c0Debian Linux Security Advisory 5812-2 - The postgresql minor release shipped in DSA 5812 introduced an ABI break, which has been reverted so that extensions do not need to be rebuilt.
119fdfa54487759cb1de347360df65467051a83c5fce14cae4cc4a6a0ec9f835This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed "Orca".
43f0f5ddbbca478c5be33a6392847a99e2fda47b0a2d21e89fed4a918808f405Nosebeard Labs has identified a critical vulnerability in the Apple system wide web content filter that allows a full bypass of content restrictions. This vulnerability, which occurs specifically when Screen Time content filtering settings are enabled, permits users or attackers to access restricted websites in Safari without detection. The timeline in this advisory is probably the most interesting thing to note. It shows a Fortune 10 ignoring a concern for years until a news article gets written, and that is truly disappointing. Do better Tim.
dac23cf7b975a01eefba7d69a286e43f5f4af5b56cf17d643a27e418ee7e60edRed Hat Security Advisory 2024-9806-03 - Red Hat build of Apache Camel 4.4.4 for Spring Boot release and security update is now available. Issues addressed include a code execution vulnerability.
e5a1fe2a8a8abdba703cd554ce001244eeb6964bb505e9270a87878516a76a06Apple Security Advisory 11-19-2024-5 - macOS Sequoia 15.1.1 addresses code execution vulnerabilities.
673b14a99725a70874faebe9587a107cc5fbae5423965b93d84ad6e8a0b21673Red Hat Security Advisory 2024-9738-03 - An update for squid is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.
f7656d072370c3688e9739dc85e0c57665ef6fec0943e29f4003051d03d50389Red Hat Security Advisory 2024-9729-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
034666b474cdc0aae94a16911d0fc7dc56e80cb2640bbd89bd15e923f0f8de1eRed Hat Security Advisory 2024-9690-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
e06e4b3943cb9cd32e98e0796f2b8793271bd95d04ead69e6376bb29edfd77b0Apple Security Advisory 11-19-2024-4 - iOS 17.7.2 and iPadOS 17.7.2 addresses code execution vulnerabilities.
25e2616d143e5a6c02a25baf655b4c3ddde1a0de992a7276ba8e26c156982841Red Hat Security Advisory 2024-9689-03 - An update for binutils is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
6b09897810addb43dd9a56838b03ec57ada28cede64e21984c80bf9d46fe9c83Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
a072c4a79a7fba3d9f798f6c536dc83e6ba851f5eaf528700d2eb523fe8015bdRed Hat Security Advisory 2024-9678-03 - An update for squid is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a denial of service vulnerability.
42ac9bf77ddc647502727f158429f1b9c2f42491324154ec31d91d09aba212faApple Security Advisory 11-19-2024-3 - iOS 18.1.1 and iPadOS 18.1.1 addresses code execution vulnerabilities.
1811cd2f89b56c17afd3dd246138796cc0278ab19801137b1d427a1c4b2ee94b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed