Real Name | Jeremy Brown |
---|---|
Email address | private |
Website | www.patchtuesday.org |
First Active | 2008-07-15 |
Last Active | 2024-09-17 |
Dockwatch is a container management web UI for Docker. It runs by default without authentication, although guidance is available for how to set up credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to the fix, it did not restrict input for parameters, so both the container and parameters inputs for the dockerInspect command were vulnerable to shell command injection on the container as the abc user with (limited) command output. See commits 23df366 and c091e4c for fixes.
4dc88e4bbab7011783c0ecfab89efa0414dbb5928fb33b19bb6580f2eaabe3c2
This Metasploit module exploits an unauthenticated directory traversal vulnerability in Cassandra Web version 0.5.0 and earlier, allowing arbitrary file read with the web server privileges. This vulnerability occurred due to the disabled Rack::Protection module.
1fcf8bcb9a5c390a3d9ee4018429d16d6138dbe119755c56e7f809909dd5bccd
This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.
b71c042ede4f92abca7d1cc98ba26d58de335a31e253ab82c25fea5b3120ba80
NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopback interface, but can also listen on the network for requests coming in on port 5555 (remote mgmt). A native client named DCGMI allows users to make requests to the daemon to support a variety of functions. Malformed packets can cause the daemon (running as root or user account) to crash or potentially result in code execution. Versions less than 2.3.5 are affected.
2b77e249b980c3871a0f2ac4cb6decec29e1672c0858391ed0910b4b6867f9f3
IIPImage is distributed with a server that enables advanced, high-performance image manipulation for web-based streaming and viewing of high resolution images. The server component called iipsrv.fcgi processes requests from users and passes them to command handlers. Several crashes, including an integer overflow, were discovered by sending malformed requests to the server. They allow remote users without authentication to perform denial-of-service attacks, and malformed requests could potentially be crafted for remote code execution as the server's running user. Versions at least up to 1.1 may be affected.
469b8801bf0145e552808075cd1f841e7ae3b8e88fcdd656bd6e310c9da61211
libMeshb suffers from a buffer overflow vulnerability. Version 7.62 has been released to address this issue.
4eb31ef6c78c0a4496bb470b1fbeb940f7fb6e6336a12f36aa32c13366a7a515
Comma devices running Openpilot suffered from an insecure configuration: when SSH is enabled, the private key is publicly known. Additional security hardening improvements have also been made in recent releases to address other concerns.
97e4a789717fe1480fe02588feff13555897da5c681197fa1c988ec56942dcff
GtkRadiant version 1.6.6 suffers from a buffer overflow vulnerability.
14f9015f9b6fd0206b68903bbe51b7ceaf2ff6f2d18427ab50c01e183f4465a8
litefuzz is a multi-platform fuzzer for poking at userland binaries and servers.
f25a4127aa0a0332f8898ed435abea7ff3f6fdf48ec55273a12cb50f97f07dd3
Ulfius Web Framework suffers from a remote memory corruption vulnerability. When parsing malformed HTTP requests, a heap-related initialization bug is triggered resulting in a crash in the server or potentially remote code execution with privileges of the running process.
bcece9074fff2d52274f17c6d4979214834ae5a855709f997bd265bfd66f6259
Shoutcast server version 2.6.0.753 suffers from a remote authenticated crash vulnerability.
991ebf15a2fad6e84c2cb8c0596024371c0ae5aa7b0309a15458c5be942d417d
Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use.
635d63c416e6d16fc7edbd391f31e513f403e171612e8d0cf4351c1d333c9320
Okta Access Gateway version 2020.5.5 suffers from multiple authenticated remote root command injection vulnerabilities.
fde1ff592fc34fc94cc529909b2816a1c21c20b0fb847dc8e826cd07707aeffa
Docker Dashboard suffers from a remote command execution vulnerability. The fix is added in commit 79cdc41.
9b77e4733c86f91e56473cf9d0f921975dafea71ff7b3a299b9f700be4daf219
HPE RDA-CAS version 1.23.826 remote denial of service exploit.
851ec48c64b3059e512be8c1c4393fdfd9f503accfd3a295ba4254513c87e474
Cisco Modeling Labs version 2.1.1-b19 remote command execution exploit.
29df00cdf8fbbcafabb5f3a4cccb147529145b52b4f8832dee4e09e3d2d05d94
F5 BIG-IQ VE version 8.0.0-2923215 post-authentication remote root code execution exploit.
06ca92ed589ce099a31c2500c551bcdd8f20879de941a5f994508892b97ce94e
PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords provided. It is not meant to provide complete coverage for every external asset that belongs to a company, as attackers usually do not have this detailed info or mapping either. One can use it to paint some sort of picture of what external attackers may be looking at, the changes occurring over time, and insight for how to further harden the perimeter. The key idea is to provide valuable data to red teams as well as additional monitoring capabilities for defenders.
4bd0c008c5efb7d3027fbd1752dcb69e6e2c963201bcecf7ea8cdbff06b2a4ea
Zoom version 4.6.239.20200613 suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue patched per Zoom.
a841b2931fe578788c8622d32483f5ecfa1a1ef799aac55dcc45a85daf624fc2
Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to login to Openpilot SSH servers with the default key.
7dc874bafc8e1284b57778d532d5d0599963bfb86f1318f023153827514112f5
HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.
87121a708a5d58e0787d22fbc3bc5c2a8bf7f3c2c03fd87d6efdd1247efe1119
Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to authenticate to it and provide the web access, so they are also one thing that can be captured via the arbitrary file read. Version 0.5.0 is affected.
be82376a69ccf9d5d95a794429f042870509dba311154ba5e350b1dd69148aec
Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.
bc1e49f9a8def3aa6ccdabef93414743d37482014f5ffd7cf5069cef8ed88f82
estr2bc is a Python script to convert arbitrary string input to Erlang bytecode.
ea4aff1b7084945953980fb63882fb41c9d14b2cd6acf58e45a9f68cf0428975
This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
19a60244a9981506c6ee38b26a274f9f9a7867cb46ae450c4e77577fc35a1e1f