MalwareFox AntiMalware version 2.74.0.150 suffers from a local privilege escalation vulnerability.
0cd89e4424f7e5ca7ded334e2c740e198543904d8777a8c6b61bd1ff38a9c646
Netgear WNR1000v3 suffers from a cross-site request forgery vulnerability.
2af80b2ce51ed8b874bfcf4a11cfc41b69330dfdb9a8c12db63e7e709e6d4e81
This Metasploit module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion between Transaction and WriteAndX requests and a race condition in Transaction requests, as seen in the EternalRomance, EternalChampion, and EternalSynergy exploits. This exploit chain is more reliable than the EternalBlue exploit, but requires a named pipe.
77604488f33765e26b911f571e2011c59ddbaa3a8165e52e5cdbb9a739f4fb99
This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by changing the root directory before loading the crash report, causing 'usr/share/apport/apport' within the crashed task's directory to be executed. Similarly, Fedora is vulnerable when the kernel crash handler is configured to change root directory before executing ABRT, causing 'usr/libexec/abrt-hook-ccpp' within the crashed task's directory to be executed. In both instances, the crash handler does not drop privileges, resulting in code execution as root. This Metasploit module has been tested successfully on Apport 2.14.1 on Ubuntu 14.04.1 LTS x86 and x86_64 and ABRT on Fedora 19 and 20 x86_64.
9c651a9002f5646905fcb8abdec1552897cd260c341ec403e60727c2cf691713
Claymore Dual GPU Miner versions 10.5 and below suffer from format string vulnerabilities.
7e6c1869c49221779469d27c21694cb9da2d490681b9871dbb8969ba1febc035
Ubuntu Security Notice 3556-2 - USN-3556-1 fixed vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to bypass authentication and access sensitive information. Various other issues were also addressed.
ec5451f5f5fbad1a4b5d212e71f5225bc2c339fdc87e030edc7b410d020b013e
WebKit suffers from a use-after-free vulnerability in detachWrapper.
d17589f8c87f68f43fdc0fdc6baa36cb0aad0bbdbb624cbb94def83e1f56fbfa
WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.
4fb18455a7824410e8bc9a432a98671261c8e1cd41ff089a645fad3cbe7dc9bd
FiberHome AN5506 unauthenticated remote DNS changing exploit.
52ab5c27dac6afe5f83b6fd4783d12125c72d521566458a00a91fbfeb81121c7
Oracle Hospitality Simphony (MICROS) versions 2.7 through 2.9 suffer from a directory traversal vulnerability.
6570490d9880f31aeb7fdbff964f9a9005e9983ee73dd712856ca52a42a37078
Joomla! JMS Music component version 1.1.1 suffers from a remote SQL injection vulnerability.
63fee11fd94329ce5734e84e7df1fc7e8f180f28dc8a34cc0962d2b071ca2ff5
Joomla! JEXTN Reverse Auction component version 3.1.0 suffers from a remote SQL injection vulnerability.
499b7bb35d134b9e0eb49f2f6aa38a49ecbd6da6bc24a8f425a03e7875c221a3
Event Manager PHP Script version 1.0 suffers from a remote SQL injection vulnerability.
7d4c6f79ed1d4fc794778cccf380429bbfd8fd82ce874aa4bfcf2201e86e91de
Joomla! JE PayperVideo component version 3.0.0 suffers from a remote SQL injection vulnerability.
389817dc94ac3d964a75d021d61899ad6b846a254964cc66a51c44bc97115921
Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
a12cb641290b2c83f598df89e91ebe5a4fada4b6fd008797fc0be41358edcdd4