This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system commands under the context of the web-server user.
98b7fd4e5a9eac0e57bc304d77db3533d90d58846a9eac785a65d9954b59c324
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
6d1d466c8d7f507f3e665f4bfe4d16a68d6bff9d7c2ab65f852e2b2a821c28b5
Shenzhen Skyworth RN510 suffers from an unauthenticated sensitive information disclosure vulnerability.
7f26e9706a9282668f82475d29e2552e812bbb3bd068893eb424f30e0d699c6d
Shenzhen Skyworth RN510 suffers from cross site request forgery and cross site scripting vulnerabilities.
70d4b29f86b8a386559ce1885039111a11ce3147edcb6cc01fd5a7adda137f43
Ubuntu Security Notice 4935-1 - It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed access control. A local attacker could use this issue to cause a denial of service, expose sensitive information, or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed reference counting. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.
66292e0f8f48dd5fcf00777624e047ca88f5c3b564e94b9cb89ce8ad10c36097
Apple Security Advisory 2021-05-03-3 - watchOS 7.4.1 addresses a code execution vulnerability.
a74f3adab91e01c9e0fefff367eb1ef99467c5782e36af622056c249aed8cb9d
Human Resource Information System version 1.0 suffers from an unauthenticated administrative account creation vulnerability.
1b0dd56635d0d8f821976130f5de798c4be825648db67637f218d558e70f089f
Shenzhen Skyworth RN510 suffers from a buffer overflow vulnerability that allows for remote code execution.
93aaa64937baf7f896bc583390423bd6be7254ef45979a7f1e67273873d3d9df
Apple Security Advisory 2021-05-03-4 - macOS Big Sur 11.3.1 addresses code execution and integer overflow vulnerabilities.
df4b217a42eb1709c37d7e207215b3b9cd5b3aa6bcb1b3e21cb55d9d9d2b4199
Apple Security Advisory 2021-05-03-1 - iOS 14.5.1 and iPadOS 14.5.1 addresses code execution and integer overflow vulnerabilities.
b1a661a45f1863e924bf0c47826de3b86311fedc34670dcc402e1ace89948b08
Apple Security Advisory 2021-05-03-2 - iOS 12.5.3 addresses buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.
1d5a75dc27a28759dbf63369d390f34a2c5c7d4314ce9ba194e493853c60cf9c
Ubuntu Security Notice 4934-1 - It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges.
8b9f1909e4ebf0423b58a94fe51018e3a1d36c06cc7fa8c878d3f560bcdc58cf
Ubuntu Security Notice 4932-1 - It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.
9e394c0ef18e3526d93584653234e8977f25e52da7f93398b990bb67757cd0f6
Internship Portal Management System version 1.0 suffers from a remote shell upload vulnerability.
a26e07c3c15a7e99b5879614246345b3ac6c2054fadbb7ac46f7d54e552cade0
Ubuntu Security Notice 4933-1 - It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject packets using a victim's peer-id. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that OpenVPN incorrectly handled deferred authentication. When a server is configured to use deferred authentication, a remote attacker could possibly use this issue to bypass authentication and access control channel data. Various other issues were also addressed.
2825529c6f1bdef2f73c5ea9bd787acc906039796b1d72be689bb5b5d0bb35b0
Ubuntu Security Notice 4918-3 - USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
ed60554d508a7c7a87ddb183605063a427e62623b027d35d606782879b133604
Ubuntu Security Notice 4931-1 - Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. Various other issues were also addressed.
c018d6cadb1b0077576c936467d8f98c41592292610ed1d41f0ef94abcf75c25