This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\\admin\\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then issues an HTTP GET request to /admin/<payload>.jsp on the target in order to trigger the payload and obtain a shell.
962139239272b0ab745f8a302505e5c8a4403aa9a95316d97e92c5946f3bd92f
This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 running behind Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of neex's original exploit code (see refs). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines whether the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (they are respawned automatically once killed) and removing the created local file.
b0bb267ae212db3146c03348b75e67574095c1e4c6cca10f25f575609f95bc2f
This Metasploit module exploits an issue in Chrome version 73.0.3683.86 (64 bit). The exploit corrupts the length of a float array in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.
52e7894b7c0f12d602e2b66b2ab86b9e0c4591cd171e7e1ab5ee86c354cbe687
This Metasploit module exploits a type confusion in Google Chrome's JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the RWX region of the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work.
5a38c9abffbaf08c049cb1b58519cd4edf1737251883302e32656d4b4f6eadc6
BraveStarr remote code execution exploit for the netkit-telnet version 0.17 telnetd on Fedora 31.
b3e199216f3edbb0703f308315218c7eff607145a1632bdb92a43e0891a62931
Red Hat Security Advisory 2020-0652-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a bypass vulnerability.
aa2fadd109c3d281cc60d74a44e35e56175108108cf9cc6b584692f10b934bc4
Red Hat Security Advisory 2020-0734-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.
ef27cfff4723c426d2b2b5d577d6bec77d387f5c06510abd00b753b778487c26
Red Hat Security Advisory 2020-0731-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An out-of-bounds heap access issue was addressed.
4bedc352e59f6c7c3d9af431d3c2f64ecbf7fe1ece1c9a201f306f2199000fd3
Red Hat Security Advisory 2020-0730-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An out-of-bounds heap access issue was addressed.
97719d3620325b820aca7c519b2a3ad307d48d09cd3e03f29b0daccf93f84efe
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via a Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.
c895b8290cdcb3ac947ffccdda5f3da9726139e85204126fae883022acc79b5c
This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses.
eaae80dd2ec7c12121e43d82f332898ca6bf36eb080cf1316770e1ef1e93f2f0
This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out-of-bounds reads and writes on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw), which is used to read from and write to absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.
a5ee5e57a9ca7e2030588e33fb91d4f11725ab4661382274202790f8a15b4fc7
Red Hat Security Advisory 2020-0726-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
fe69aca682e06981b424172235b6a5a59085d438109e2b11884873642b00c606
Red Hat Security Advisory 2020-0729-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include a denial of service vulnerability.
691a4fce3f4a781fa103d043819a3b587563d809ca8c22a14aa50453ba9342d1
Red Hat Security Advisory 2020-0728-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.4 serves as a replacement for Red Hat Data Grid 7.3.3 and includes bug fixes and enhancements. An incorrect privilege issue was addressed.
8379d81cdd991ef7fa5de32e165bbd222a9ab35b797949d06f7661402a1fb932
Red Hat Security Advisory 2020-0727-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include code execution, deserialization, and insecure handling vulnerabilities.
13b6ad944fac107942bc777260ac04437c23735dc9546da3581b3ea6090c6b7c
Red Hat Security Advisory 2020-0720-01 - Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. An HTTP request smuggling issue was addressed.
073ff936845e6edb0602084d9e603169e0a3bf734795afc24cfafdd36ab033e2
Red Hat Security Advisory 2020-0721-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. A failure to require client certificates was addressed.
2c07205d683caf4e3a0db587ef0d93c5f4fe6cc5c8aa31144418cb952294bc90
This is a brief whitepaper that discusses fuzzing the VIM editor.
b961ee5f08adf14aeb3683b15f97a4a747d4d428142b2f7ac487d4c97fc8d786