This Metasploit module can be used to leverage the extension functionality added by Redis 4.x and 5.x to execute arbitrary code. To transmit the given extension it makes use of the feature of Redis which called replication between master and slave.
8a25e4a7af0bb0c47237e268c64439b1ccedef5a35d240b4946e5ec04d9df945WordPress Simple Membership plugin version 3.8.4 suffers from a cross site request forgery vulnerability.
7e996b9a0d5c55ce682f3a72f364856b363009662f11039014a1b488c29f8035Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. Various other issues were also addressed.
6816c4785b56430dc635ceb03383ffc424c8c6dc0006c08814cc9b42003fff08Ubuntu Security Notice 4077-1 - It was discovered that tmpreaper incorrectly handled certain mount operations. A local attacker could possibly use this issue to create arbitrary files, leading to privilege escalation.
cbf6d91e29b894c6b5cc0c6e8f47a2f7c3a54e63ef13daca71bdf42ca98607c4Red Hat Security Advisory 2019-1931-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A memory corruption issue was addressed.
fdfbc64347b16705a845cde3571301a69f3ee1b416feed39d11c6ed5d7f70b5bRed Hat Security Advisory 2019-1932-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A memory corruption issue was addressed.
fedaf323e38f2e5c6aa9a5e10c0223ec7d9c1a8f85e4e67621b5d2621fcf3148NSKeyedUnarchiver suffers from a use-after-free vulnerability with ObjC objects when unarchiving OITSUIntDictionary instances even if secureCoding is required.
63703796ab8c03a5e2f4d71cdf0827418691b14bf48da00e28c71cabc8224370Red Hat Security Advisory 2019-1930-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 75.0.3770.142. Crash and information disclosure vulnerabilities were addressed.
6920bb97d74e60a939e200405578e6a699ee2389a4e178e237695c0d959bd5c0GigToDo versions 1.3 and below suffer from a persistent cross site scripting vulnerability.
12e787f5c5392e49c6311a9b44f43ad57ccb50a5642eda646cd6107b1814c708Red Hat Security Advisory 2019-1907-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. An issue was address where an improper symlink resolution allows access to host files when executing podman cp on running containers.
c9117765b3cb3a11c50747f160c21a3744ada0139481a68150f58be8c3406ab9Red Hat Security Advisory 2019-1910-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.
73834faab0673e186046ac81754ab59b84c544183a73161ed31109f08d404ee3WordPress Real Estate theme version 2.8.9 suffers from a cross site scripting vulnerability.
8ff267fb390b5d90824ed48ea7bb321959b47eb88d718c974b7723ccf7f65c7bJavaScriptCore suffers from an issue where there's a JSValue use-after-free vulnerability in ValueProfiles.
a9501df8f786600223589a22ac96f06da65cf505b543b54f2ef6219f16639ac6Red Hat Security Advisory 2019-1880-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. An NTLM password overflow via integer overflow issue was addressed.
7ff194be1ef6e345bac33f6db0c2870bd8420e769ad1819a796d665aa8b116e1Red Hat Security Advisory 2019-1896-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.
bb5ad1aa01b4589eb20ae556b1b2ac0e9ed71c64f242fa71239066f03fc2ffbfRed Hat Security Advisory 2019-1881-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. Issues addressed include a buffer overflow vulnerability.
a03ef37470dc15211500f0866b53ebcc85d2fb5c9459ac27fa6c430f8c03dd6cRed Hat Security Advisory 2019-1873-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
aa0bd47155cf6b507668fab83b4a70fa93bb961b894f3579323af79f460d220eRed Hat Security Advisory 2019-1883-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a buffer overflow vulnerability.
6223a60a0fb394d6cc6ef8e3047e8d8b79646063a73ba0baf27648ff941c1b4fRed Hat Security Advisory 2019-1891-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer and use-after-free vulnerabilities.
70aeeda7c35cb660759a0b6815f6b2d4bc56940402a6b8fa81ca60d3a19d665cRed Hat Security Advisory 2019-1898-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A weak Digest auth nonce generation in mod_auth_digest was addressed.
082615faa950b3a11b6c45b0fee421295525295f5d9fc68aacb1a000f68ab0f3JavaScriptCore DFG loop-invariant code motion (LICM) has an issue where it leaves object property access unguarded.
8fd7bdc27408729bccdf334f804fe0fb27728920396e0444c1671aec6b62ab56Red Hat Security Advisory 2019-1884-01 - The libssh2 packages provide a library that implements the SSH2 protocol. An out-of-bounds memory comparison was addressed.
5cfb9fcc8f02e9d6047eb20d6cf69ad487c72dbced12cb72c9e1a5579ed42721Ubuntu Security Notice 3990-2 - USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.
5ae6d63bf7d972970ecd6d190a19d2ce58c0e9185fc6ecd9c4ff29714220bea2168 bytes small Linux/x86 NOT +SHIFT-N+ XOR-N encoded /bin/sh shellcode.
0535e81b0ede463cd0f475670e1e4a07b636b91c018625cd31f6d3df4b1a1c98
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed