Fortinet FortiOS versions 5.4.6 to 5.4.12, 5.6.3 to 5.6.7 and 6.0.0 to 6.0.4 are affected by a path traversal vulnerability in the SSL VPN web portal that allows unauthenticated attackers to download FortiOS system files through specially crafted HTTP requests. This Metasploit module exploits the vulnerability to read the usernames and passwords of users currently logged into the FortiOS SSL VPN, which are stored in plaintext in the "/dev/cmdb/sslvpn_websession" file on the VPN server.
2149c48a70e99a03545bfa957dc701afcfcd46b50a3e6c27f2d9507f99388036
The Joomla Sar News component suffers from a remote SQL injection vulnerability.
830daf4e1ba5be84791550d610a3800bed5310614ab11ff335441dba61ccce89
BanCh version 1.0 checks hosts for selected banners. Available services are FTP, SMTP, and HTTP. Provides anonymous FTP login checking, CGI scanning, e-mail address extraction from web pages, and other features.
88e8a7cdbf8d9b2ebe41ee1f88fed3fc1fc2eab51e9269d927ea195ecf2edb1f
SignatureDB is vulnerable to a denial of service attack due to a buffer overflow in a sprintf call.
63a06ca66a5273103422bc7ed4658d21d246ba1116ba9a6e1d2549646f4199ca
Signal handling in the myServer web server for Windows and Linux does not trap signals properly, allowing a remote attacker to cause a denial of service on the server.
39d24e0bf7039655f777a3ec241d81e2d5c2ad7d2f230207fedcc80f5217e6f8
klgr is a basic keylogger for Linux that loads as a module and hides itself from lsmod.
a78acf15db3c7c1cd70f1439dd7d6b36d63c23e525a24aed8d77ea5835763498