This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7.
9f2d762b1d8e6bcbc5f7e02bde9b6d95028ec1015c112f2165e2847c2855320dhaveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
d17bd22fa1745daca5ac72e014ed3b0fe5720da4c115953124b1bf2a0aa2b04bSifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
bd569d5a3b5a6eac3563e2600b084e5a539d8b72c7f7a0b6ff8f1649c5c55817Ubuntu Security Notice 4406-1 - It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page.
97b759e08282553a99e5c71b2c574ebb2f34579625538c8a745e35c64abf81f2Red Hat Security Advisory 2020-2737-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.
90738c78618f6b2862a4c969749078f4d3f745b7b2b047fe0a3d87dbec9acf8bRed Hat Security Advisory 2020-2758-01 - An update for microcode_ctl is now available for Red at Enterprise Linux 7.7 Extended Update Support. Sampling issues were addressed.
553a91792595329cbadf8b388158818e4d2a5fa3921d631279128e3ad877d330Red Hat Security Advisory 2020-2757-01 - An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Sampling issues were addressed.
df27d92b7b2be1d86fce3a32bc8fabd4f3d26bd0882c4ba838dcfaaa6536d896Ubuntu Security Notice 4405-1 - It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.
125504485220886b1c7f733e81ae59e734bfe217ba2439cbb19d70b54f79d8fdNetPCLinker version 1.0.0.0 SEH with egghunter shellcode buffer overflow exploit.
faf335f38b0cfa1532855053ad2d12d2861d1f997d3c34bf6c71855e835b30feDebian Linux Security Advisory 4695-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic keys.
b695facb6dd8cc0b879476ce552b9c195948f4bc518c27cb5f63cf8e335ff6e1Debian Linux Security Advisory 4696-1 - Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code.
d8516cb50b72042afd3677ce970bc7873ca8cf7463bb3f2d29ebe7a93cbe32c0Debian Linux Security Advisory 4697-1 - A flaw was reported in the TLS session ticket key construction in GnuTLS, a library implementing the TLS and SSL protocols. The flaw caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a man-in-the-middle attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2.
1895794b8fd81d9f052729b86087ff5d07fc51243bab11c512c5cb216d4bdb51Debian Linux Security Advisory 4698-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
6b0461d5fdc0442553e93411732b13c0f292cb8ee0cf3b5b3b0228efca950d91Debian Linux Security Advisory 4699-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
5c9b08156b9df614e0b461fd3ef88e61fe9ad766f6bfda59ca0dca4bd59df181Debian Linux Security Advisory 4700-1 - Matei Badanoiu and LoRexxar@knownsec discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform a Cross-Side Scripting (XSS) attack leading to the execution of arbitrary code.
b99b9b11ff30b56084ed6513563f9c002ec060e4d60de71d6f65480ab9c34ebaDebian Linux Security Advisory 4701-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for the Special Register Buffer Data Sampling (CVE-2020-0543), Vector Register Sampling (CVE-2020-0548) and L1D Eviction Sampling (CVE-2020-0549) hardware vulnerabilities.
a7594ff915e8d7978545559a945ae55a7a497237c23303947c12d184661628a7Debian Linux Security Advisory 4702-1 - Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the execution of arbitrary code.
d513edf1d7468e2dab27753b936d34950fbe909c5cde81e5cccba7e63432acc9Debian Linux Security Advisory 4703-1 - Three vulnerabilities have been found in the MySQL Connector/J JDBC driver.
5f6677d80ef74722ef5b261d5eb4b0f0e79cc30c234cde1af79d87b5bba81acdDebian Linux Security Advisory 4704-1 - A vulnerability was discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed video file is opened.
2a557cfcf78c7acd2ec602d5b2e752157487b49f0ffa224afb7182fe571f5b6fDebian Linux Security Advisory 4705-1 - It was discovered that Django, a high-level Python web development framework, did not properly sanitize input. This would allow a remote attacker to perform SQL injection attacks, Cross-Site Scripting (XSS) attacks, or leak sensitive information.
96e9fef81f25045e7f4233b281f2a1d7cf7dd3dbdc7336b1d810347bcd7b080dDebian Linux Security Advisory 4706-1 - It was discovered that Drupal, a fully-featured content management framework, was suspectible to cross site request forgery.
a491617785b890ea92ce09baf399fbb286886c5b5d2a6d9303667fc1fb4dc396Debian Linux Security Advisory 4707-1 - Damian Poddebniak and Fabian Ising discovered two security issues in the STARTTLS handling of the Mutt mail client, which could enable MITM attacks.
639617a725f0d3746c602a062ffb6cc8802633a4e5c6ec51c1cdc11b187128fcDebian Linux Security Advisory 4708-1 - Damian Poddebniak and Fabian Ising discovered two security issues in the STARTTLS handling of the Neomutt mail client, which could enable MITM attacks.
e4ede39d2fad5c01e10e9c24595ba8d69fe05122bc7a634e5637330330c0f06cDebian Linux Security Advisory 4709-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) attacks, create open redirects, escalate privileges, and bypass authorization access.
70e424455b9518837066a3cc76957691676f2e232ecdb9d44800de9194a21af0Debian Linux Security Advisory 4710-1 - A vulnerability was discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service via malformed HTTP/2 headers.
fa2687f7a95d99d910fc74880c9275b86f7e9535d6bdc1b4a02379f6a71cdd41
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed